fix formatting

[openssl.git] / ssl / s3_srvr.c

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ac555c1f80b054d00ef17722434ec562be12fdc1..a2f5b843db48847e68b0f29266c1801645dc5d64 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -1349,7 +1349,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
                        kn=0;
                        }
 
-               if (!BUF_MEM_grow(buf,n+4+kn))
+               if (!BUF_MEM_grow_clean(buf,n+4+kn))
                        {
                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
                        goto err;
@@ -1522,7 +1522,7 @@ static int ssl3_send_certificate_request(SSL *s)
                                {
                                name=sk_X509_NAME_value(sk,i);
                                j=i2d_X509_NAME(name,NULL);
-                               if (!BUF_MEM_grow(buf,4+n+j+2))
+                               if (!BUF_MEM_grow_clean(buf,4+n+j+2))
                                        {
                                        SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
                                        goto err;
@@ -1577,6 +1577,19 @@ err:
        return(-1);
        }
 
+
+static const int KDF1_SHA1_len = 20;
+static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen)
+       {
+#ifndef OPENSSL_NO_SHA
+       if (outlen != SHA_DIGEST_LENGTH)
+               return NULL;
+       return SHA1(in, inlen, out);
+#else
+       return NULL;
+#endif
+       }
+
 static int ssl3_get_client_key_exchange(SSL *s)
        {
        int i,al,ok;
@@ -1717,7 +1730,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                        s->method->ssl3_enc->generate_master_secret(s,
                                s->session->master_key,
                                p,i);
-               memset(p,0,i);
+               OPENSSL_cleanse(p,i);
                }
        else
 #endif
@@ -1780,7 +1793,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                s->session->master_key_length=
                        s->method->ssl3_enc->generate_master_secret(s,
                                s->session->master_key,p,i);
-               memset(p,0,i);
+               OPENSSL_cleanse(p,i);
                }
        else
 #endif
@@ -1883,7 +1896,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                 if (enc == NULL)
                     goto err;
 
-               memset(iv, 0, EVP_MAX_IV_LENGTH);       /* per RFC 1510 */
+               memset(iv, 0, sizeof iv);       /* per RFC 1510 */
 
                if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
                        {
@@ -2047,7 +2060,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                         }
 
                /* Compute the shared pre-master secret */
-                i = ECDH_compute_key(p, clnt_ecpoint, srvr_ecdh);
+                i = ECDH_compute_key(p, KDF1_SHA1_len, clnt_ecpoint, srvr_ecdh, KDF1_SHA1);
                 if (i <= 0)
                         {
                         SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
@@ -2069,7 +2082,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                 s->session->master_key_length = s->method->ssl3_enc-> \
                    generate_master_secret(s, s->session->master_key, p, i);
                
-                memset(p, 0, i);
+                OPENSSL_cleanse(p, i);
                 return (ret);
                }
        else
@@ -2087,7 +2100,7 @@ f_err:
 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH)
 err:
 #endif
-#ifndef NO_OPENSSL_ECDH
+#ifndef OPENSSL_NO_ECDH
        EVP_PKEY_free(clnt_pub_pkey);
        EC_POINT_free(clnt_ecpoint);
        if (srvr_ecdh != NULL)