[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
Matt Caswell
matt at openssl.org
Thu Jan 3 14:25:13 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via d7389c8261b5c9ca8cfd2b7d3e58f24c9003f650 (commit)
via bb61be393f87ca1c1fad8dfed8c40a4da9d06448 (commit)
from 42c17f3a10d298ca3d9a1938322860e5dc54269d (commit)
- Log -----------------------------------------------------------------
commit d7389c8261b5c9ca8cfd2b7d3e58f24c9003f650
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Wed Jan 2 15:47:07 2019 +0300
Eliminate unused buffers from ssl3_change_cipher_state
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7971)
(cherry picked from commit 9c5ef4ea486f675f33592b34775c3e453f60ee69)
commit bb61be393f87ca1c1fad8dfed8c40a4da9d06448
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Wed Jan 2 13:28:07 2019 +0300
Remove unused variables from tls1_change_cipher_state
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7971)
(cherry picked from commit d072eea2e39c4444ecce3598556053a4c552d9a2)
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_enc.c | 6 ------
ssl/t1_enc.c | 12 ------------
2 files changed, 18 deletions(-)
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index fca84ef..d0acf29 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -90,8 +90,6 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
int ssl3_change_cipher_state(SSL *s, int which)
{
unsigned char *p, *mac_secret;
- unsigned char exp_key[EVP_MAX_KEY_LENGTH];
- unsigned char exp_iv[EVP_MAX_IV_LENGTH];
unsigned char *ms, *key, *iv;
EVP_CIPHER_CTX *dd;
const EVP_CIPHER *c;
@@ -239,12 +237,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
}
s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
- OPENSSL_cleanse(exp_key, sizeof(exp_key));
- OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
return 1;
err:
- OPENSSL_cleanse(exp_key, sizeof(exp_key));
- OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
return 0;
}
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 2db913f..ac84986 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -81,10 +81,6 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num)
int tls1_change_cipher_state(SSL *s, int which)
{
unsigned char *p, *mac_secret;
- unsigned char tmp1[EVP_MAX_KEY_LENGTH];
- unsigned char tmp2[EVP_MAX_KEY_LENGTH];
- unsigned char iv1[EVP_MAX_IV_LENGTH * 2];
- unsigned char iv2[EVP_MAX_IV_LENGTH * 2];
unsigned char *ms, *key, *iv;
EVP_CIPHER_CTX *dd;
const EVP_CIPHER *c;
@@ -334,16 +330,8 @@ int tls1_change_cipher_state(SSL *s, int which)
printf("\n");
#endif
- OPENSSL_cleanse(tmp1, sizeof(tmp1));
- OPENSSL_cleanse(tmp2, sizeof(tmp1));
- OPENSSL_cleanse(iv1, sizeof(iv1));
- OPENSSL_cleanse(iv2, sizeof(iv2));
return 1;
err:
- OPENSSL_cleanse(tmp1, sizeof(tmp1));
- OPENSSL_cleanse(tmp2, sizeof(tmp1));
- OPENSSL_cleanse(iv1, sizeof(iv1));
- OPENSSL_cleanse(iv2, sizeof(iv2));
return 0;
}
More information about the openssl-commits
mailing list