comments

[openssl.git] / ssl / s3_enc.c

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 6dfef5caaf8569718d671f63274c7f070656047f..559924d3681b1fc8f3ba6fa968fa33ccfbdebd05 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -110,8 +110,8 @@
  */
 
 #include <stdio.h>
-#include <openssl/evp.h>
 #include "ssl_locl.h"
+#include <openssl/evp.h>
 #include <openssl/md5.h>
 
 static unsigned char ssl3_pad_1[48]={
@@ -182,7 +182,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 
                km+=MD5_DIGEST_LENGTH;
                }
-       memset(smd,0,SHA_DIGEST_LENGTH);
+       OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
        EVP_MD_CTX_cleanup(&m5);
        EVP_MD_CTX_cleanup(&s1);
        return 1;
@@ -192,7 +192,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
        {
        unsigned char *p,*key_block,*mac_secret;
        unsigned char exp_key[EVP_MAX_KEY_LENGTH];
-       unsigned char exp_iv[EVP_MAX_KEY_LENGTH];
+       unsigned char exp_iv[EVP_MAX_IV_LENGTH];
        unsigned char *ms,*key,*iv,*er1,*er2;
        EVP_CIPHER_CTX *dd;
        const EVP_CIPHER *c;
@@ -333,8 +333,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
 
        EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
 
-       memset(&(exp_key[0]),0,sizeof(exp_key));
-       memset(&(exp_iv[0]),0,sizeof(exp_iv));
+       OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
+       OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
        EVP_MD_CTX_cleanup(&md);
        return(1);
 err:
@@ -378,13 +378,24 @@ int ssl3_setup_key_block(SSL *s)
 
        ret = ssl3_generate_key_block(s,p,num);
 
-       /* enable vulnerability countermeasure for CBC ciphers with
-        * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */
-       s->s3->need_empty_fragments = 1;
+       if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+               {
+               /* enable vulnerability countermeasure for CBC ciphers with
+                * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+                */
+               s->s3->need_empty_fragments = 1;
+
+               if (s->session->cipher != NULL)
+                       {
+                       if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
+                               s->s3->need_empty_fragments = 0;
+                       
 #ifndef OPENSSL_NO_RC4
-       if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4))
-               s->s3->need_empty_fragments = 0;
+                       if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
+                               s->s3->need_empty_fragments = 0;
 #endif
+                       }
+               }
 
        return ret;
                
@@ -397,7 +408,7 @@ void ssl3_cleanup_key_block(SSL *s)
        {
        if (s->s3->tmp.key_block != NULL)
                {
-               memset(s->s3->tmp.key_block,0,
+               OPENSSL_cleanse(s->s3->tmp.key_block,
                        s->s3->tmp.key_block_length);
                OPENSSL_free(s->s3->tmp.key_block);
                s->s3->tmp.key_block=NULL;
@@ -463,6 +474,7 @@ int ssl3_enc(SSL *s, int send)
                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
                                return 0;
                                }
+                       /* otherwise, rec->length >= bs */
                        }
                
                EVP_Cipher(ds,rec->data,rec->input,l);
@@ -471,7 +483,7 @@ int ssl3_enc(SSL *s, int send)
                        {
                        i=rec->data[l-1]+1;
                        /* SSL 3.0 bounds the number of padding bytes by the block size;
-                        * padding bytes (except that last) are arbitrary */
+                        * padding bytes (except the last one) are arbitrary */
                        if (i > bs)
                                {
                                /* Incorrect padding. SSLerr() and ssl3_alert are done
@@ -480,6 +492,7 @@ int ssl3_enc(SSL *s, int send)
                                 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
                                return -1;
                                }
+                       /* now i <= bs <= rec->length */
                        rec->length-=i;
                        }
                }