km += MD5_DIGEST_LENGTH;
}
- OPENSSL_cleanse(smd, SHA_DIGEST_LENGTH);
+ OPENSSL_cleanse(smd, sizeof(smd));
EVP_MD_CTX_cleanup(&m5);
EVP_MD_CTX_cleanup(&s1);
return 1;
if (s->enc_read_ctx != NULL)
reuse_dd = 1;
else if ((s->enc_read_ctx =
- OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+ OPENSSL_malloc(sizeof(*s->enc_read_ctx))) == NULL)
goto err;
else
/*
if (s->enc_write_ctx != NULL)
reuse_dd = 1;
else if ((s->enc_write_ctx =
- OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+ OPENSSL_malloc(sizeof(*s->enc_write_ctx))) == NULL)
goto err;
else
/*
}
#endif
- OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key));
- OPENSSL_cleanse(&(exp_iv[0]), sizeof(exp_iv));
+ OPENSSL_cleanse(exp_key, sizeof(exp_key));
+ OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
EVP_MD_CTX_cleanup(&md);
return (1);
err:
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
err2:
+ OPENSSL_cleanse(exp_key, sizeof(exp_key));
+ OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
return (0);
}
void ssl3_init_finished_mac(SSL *s)
{
- BIO_free(s->s3->handshake_buffer);
- if (s->s3->handshake_dgst)
- ssl3_free_digest_list(s);
+ ssl3_free_digest_list(s);
s->s3->handshake_buffer = BIO_new(BIO_s_mem());
(void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);
}
+/*
+ * Free digest list. Also frees handshake buffer since they are always freed
+ * together.
+ */
+
void ssl3_free_digest_list(SSL *s)
{
int i;
+ BIO_free(s->s3->handshake_buffer);
+ s->s3->handshake_buffer = NULL;
if (!s->s3->handshake_dgst)
return;
for (i = 0; i < SSL_MAX_DIGEST; i++) {
void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
{
- if (s->s3->handshake_buffer
- && !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
+ if (s->s3->handshake_dgst == NULL) {
BIO_write(s->s3->handshake_buffer, (void *)buf, len);
} else {
int i;
}
}
-int ssl3_digest_cached_records(SSL *s)
+int ssl3_digest_cached_records(SSL *s, int keep)
{
int i;
long mask;
long hdatalen;
void *hdata;
- /* Allocate handshake_dgst array */
- ssl3_free_digest_list(s);
- s->s3->handshake_dgst =
- OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
if (s->s3->handshake_dgst == NULL) {
- SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- memset(s->s3->handshake_dgst, 0, SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
- hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
- if (hdatalen <= 0) {
- SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
- return 0;
- }
+ /* Allocate handshake_dgst array */
+ s->s3->handshake_dgst =
+ OPENSSL_malloc(sizeof(*s->s3->handshake_dgst) * SSL_MAX_DIGEST);
+ if (s->s3->handshake_dgst == NULL) {
+ SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+ if (hdatalen <= 0) {
+ SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
+ return 0;
+ }
- /* Loop through bitso of algorithm2 field and create MD_CTX-es */
- for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) {
- if ((mask & ssl_get_algorithm2(s)) && md) {
- s->s3->handshake_dgst[i] = EVP_MD_CTX_create();
- if (EVP_MD_nid(md) == NID_md5) {
- EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i],
- EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ /* Loop through bits of algorithm2 field and create MD_CTX-es */
+ for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) {
+ if ((mask & ssl_get_algorithm2(s)) && md) {
+ s->s3->handshake_dgst[i] = EVP_MD_CTX_create();
+ if (EVP_MD_nid(md) == NID_md5) {
+ EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i],
+ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ }
+ EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL);
+ EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, hdatalen);
+ } else {
+ s->s3->handshake_dgst[i] = NULL;
}
- EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL);
- EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, hdatalen);
- } else {
- s->s3->handshake_dgst[i] = NULL;
}
+
}
- if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
- /* Free handshake_buffer BIO */
+ if (keep == 0) {
BIO_free(s->s3->handshake_buffer);
s->s3->handshake_buffer = NULL;
}
unsigned char md_buf[EVP_MAX_MD_SIZE];
EVP_MD_CTX ctx, *d = NULL;
- if (s->s3->handshake_buffer)
- if (!ssl3_digest_cached_records(s))
- return 0;
+ if (!ssl3_digest_cached_records(s, 0))
+ return 0;
/*
* Search for digest of specified type in the handshake_dgst array
s, s->msg_callback_arg);
}
#endif
- OPENSSL_cleanse(buf, sizeof buf);
+ OPENSSL_cleanse(buf, sizeof(buf));
return (ret);
}
projects / openssl.git / blobdiff