if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
count++;
}
+ if(!count) {
+ /* Should never happen */
+ SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
len = slen / count;
if (count == 1)
slen = 0;
}
#endif
/*
- * this is done by dtls1_reset_seq_numbers for DTLS1_VERSION
+ * this is done by dtls1_reset_seq_numbers for DTLS
*/
- if (s->version != DTLS1_VERSION)
+ if (!SSL_IS_DTLS(s))
memset(&(s->s3->read_sequence[0]), 0, 8);
mac_secret = &(s->s3->read_mac_secret[0]);
mac_secret_size = &(s->s3->read_mac_secret_size);
}
#endif
/*
- * this is done by dtls1_reset_seq_numbers for DTLS1_VERSION
+ * this is done by dtls1_reset_seq_numbers for DTLS
*/
- if (s->version != DTLS1_VERSION)
+ if (!SSL_IS_DTLS(s))
memset(&(s->s3->write_sequence[0]), 0, 8);
mac_secret = &(s->s3->write_mac_secret[0]);
mac_secret_size = &(s->s3->write_mac_secret_size);
err = 1;
EVP_MD_CTX_cleanup(&ctx);
+ OPENSSL_cleanse(buf, (int)(q - buf));
+ OPENSSL_cleanse(buf2, sizeof(buf2));
if (err)
return 0;
else
co, col,
s->s3->server_random, SSL3_RANDOM_SIZE,
so, sol, p, len, s->session->master_key, buff, sizeof buff);
+ OPENSSL_cleanse(buff, sizeof buff);
#ifdef SSL_DEBUG
fprintf(stderr, "Premaster Secret:\n");
BIO_dump_fp(stderr, (char *)p, len);
NULL, 0,
s->session->master_key, s->session->master_key_length,
out, buff, olen);
+ OPENSSL_cleanse(val, vallen);
+ OPENSSL_cleanse(buff, olen);
#ifdef KSSL_DEBUG
fprintf(stderr, "tls1_export_keying_material() complete\n");
projects / openssl.git / blobdiff