[openssl-users] tls1_change_cipher_state
Matt Caswell
matt at openssl.org
Wed Jan 2 10:55:57 UTC 2019
On 02/01/2019 10:14, Jakob Bohm via openssl-users wrote:
> On 02/01/2019 10:41, Matt Caswell wrote:
>>
>> On 27/12/2018 08:37, Dmitry Belyavsky wrote:
>>> Hello,
>>>
>>> Am I right supposing that local variables tmp1, tmp2, iv1, and iv2 are unused in
>>> this function?
>> Looks that way. They should be removed.
>>
>
> By the way, why aren't any of your test compilers configured to
> warn about unused local variables? It's a common feature in many
> compilers and thus a free consistency check that can catch typos.
We do have that, but in this particular case the compiler has been fooled into
thinking that the buffers are used:

int tls1_change_cipher_state(SSL *s, int which)
{
    unsigned char *p, *mac_secret;
    unsigned char tmp1[EVP_MAX_KEY_LENGTH];
    unsigned char tmp2[EVP_MAX_KEY_LENGTH];
    unsigned char iv1[EVP_MAX_IV_LENGTH * 2];
    unsigned char iv2[EVP_MAX_IV_LENGTH * 2];
...
 err2:
    OPENSSL_cleanse(tmp1, sizeof(tmp1));
    OPENSSL_cleanse(tmp2, sizeof(tmp1));
    OPENSSL_cleanse(iv1, sizeof(iv1));
    OPENSSL_cleanse(iv2, sizeof(iv2));
    return (0);
}

Matt
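
An added example, not part of the original message or of OpenSSL's code: passing a buffer to OPENSSL_cleanse counts as a use, so the compiler's unused-variable warning stays silent. This heuristic Python check flags local char arrays whose only references are cleanse calls; the function name cleanse_only_locals and the stand-in statements in SAMPLE are assumptions made for the example.

```python
import re

# Constructed sample modelled on the snippet quoted in the message; the two
# statements before err2 are stand-ins for the elided body.
SAMPLE = """
int tls1_change_cipher_state(SSL *s, int which)
{
    unsigned char *p, *mac_secret;
    unsigned char tmp1[EVP_MAX_KEY_LENGTH];
    unsigned char tmp2[EVP_MAX_KEY_LENGTH];
    unsigned char iv1[EVP_MAX_IV_LENGTH * 2];
    unsigned char iv2[EVP_MAX_IV_LENGTH * 2];
    p = key_block;      /* stand-in */
    mac_secret = p;     /* stand-in */
 err2:
    OPENSSL_cleanse(tmp1, sizeof(tmp1));
    OPENSSL_cleanse(tmp2, sizeof(tmp1));
    OPENSSL_cleanse(iv1, sizeof(iv1));
    OPENSSL_cleanse(iv2, sizeof(iv2));
    return (0);
}
"""

# Local char array declarations such as "unsigned char iv1[N * 2];"
ARRAY_DECL = re.compile(
    r"^[ \t]*(?:unsigned[ \t]+)?char[ \t]+(\w+)[ \t]*\[[^\]]*\][ \t]*;", re.M)
# A whole OPENSSL_cleanse(...) statement, arguments included
CLEANSE_CALL = re.compile(r"\bOPENSSL_cleanse\s*\([^;]*\)\s*;")
COMMENT = re.compile(r"/\*.*?\*/", re.S)

def cleanse_only_locals(src):
    """Return char arrays referenced nowhere except in OPENSSL_cleanse calls.

    Heuristic: regex-based, expects a single function body, and does not
    expand macros or track pointers that alias the buffer.
    """
    src = COMMENT.sub("", src)
    names = ARRAY_DECL.findall(src)
    # Strip the declarations and the cleanse calls; any remaining mention
    # of a name is a real use.
    rest = CLEANSE_CALL.sub("", ARRAY_DECL.sub("", src))
    return [n for n in names if not re.search(r"\b%s\b" % re.escape(n), rest)]

if __name__ == "__main__":
    print(cleanse_only_locals(SAMPLE))
```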