[openssl-users] tls1_change_cipher_state

Matt Caswell matt at openssl.org
Wed Jan 2 10:55:57 UTC 2019

On 02/01/2019 10:14, Jakob Bohm via openssl-users wrote:
> On 02/01/2019 10:41, Matt Caswell wrote:
>> On 27/12/2018 08:37, Dmitry Belyavsky wrote:
>>> Hello,
>>> Am I right supposing that local variables tmp1, tmp2, iv1, and iv2 are unused in
>>> this function?
>> Looks that way. They should be removed.
> By the way, why aren't any of your test compilers configured to
> warn about unused local variables?  It's a common feature in many
> compilers and thus a free consistency check that can catch typos.

We do have that, but in this particular case the compiler has been fooled into
thinking that the buffers are used:

int tls1_change_cipher_state(SSL *s, int which)
    unsigned char *p, *mac_secret;
    unsigned char tmp1[EVP_MAX_KEY_LENGTH];
    unsigned char tmp2[EVP_MAX_KEY_LENGTH];
    unsigned char iv1[EVP_MAX_IV_LENGTH * 2];
    unsigned char iv2[EVP_MAX_IV_LENGTH * 2];


    OPENSSL_cleanse(tmp1, sizeof(tmp1));
    OPENSSL_cleanse(tmp2, sizeof(tmp1));
    OPENSSL_cleanse(iv1, sizeof(iv1));
    OPENSSL_cleanse(iv2, sizeof(iv2));
    return (0);


More information about the openssl-users mailing list