X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_enc.c;h=5d133eef14f08132b951ccf8fa60a8b4dc5937af;hp=2bb5be49f184fc669fa44ad1cc7e7665b4ad77e4;hb=42ba5d2329a2705d45417db3dd374c677eb47e05;hpb=d1d0be3cd26458f36692b7b7dbe58b89d8bc8b44

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 2bb5be49f1..5d133eef14 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -110,8 +110,8 @@
  */
 
 #include <stdio.h>
-#include <openssl/evp.h>
 #include "ssl_locl.h"
+#include <openssl/evp.h>
 #include <openssl/md5.h>
 
 static unsigned char ssl3_pad_1[48]={
@@ -139,7 +139,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 	EVP_MD_CTX s1;
 	unsigned char buf[16],smd[SHA_DIGEST_LENGTH];
 	unsigned char c='A';
-	int i,j,k;
+	unsigned int i,j,k;
 
 #ifdef CHARSET_EBCDIC
 	c = os_toascii[c]; /*'A' in ASCII */
@@ -147,7 +147,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 	k=0;
 	EVP_MD_CTX_init(&m5);
 	EVP_MD_CTX_init(&s1);
-	for (i=0; i<num; i+=MD5_DIGEST_LENGTH)
+	for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH)
 		{
 		k++;
 		if (k > sizeof buf)
@@ -172,7 +172,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 		EVP_DigestUpdate(&m5,s->session->master_key,
 			s->session->master_key_length);
 		EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH);
-		if ((i+MD5_DIGEST_LENGTH) > num)
+		if ((int)(i+MD5_DIGEST_LENGTH) > num)
 			{
 			EVP_DigestFinal_ex(&m5,smd,NULL);
 			memcpy(km,smd,(num-i));
@@ -182,7 +182,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 
 		km+=MD5_DIGEST_LENGTH;
 		}
-	memset(smd,0,SHA_DIGEST_LENGTH);
+	OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
 	EVP_MD_CTX_cleanup(&m5);
 	EVP_MD_CTX_cleanup(&s1);
 	return 1;
@@ -192,17 +192,17 @@ int ssl3_change_cipher_state(SSL *s, int which)
 	{
 	unsigned char *p,*key_block,*mac_secret;
 	unsigned char exp_key[EVP_MAX_KEY_LENGTH];
-	unsigned char exp_iv[EVP_MAX_KEY_LENGTH];
+	unsigned char exp_iv[EVP_MAX_IV_LENGTH];
 	unsigned char *ms,*key,*iv,*er1,*er2;
 	EVP_CIPHER_CTX *dd;
 	const EVP_CIPHER *c;
 	COMP_METHOD *comp;
 	const EVP_MD *m;
 	EVP_MD_CTX md;
-	int exp,n,i,j,k,cl;
+	int is_exp,n,i,j,k,cl;
 	int reuse_dd = 0;
 
-	exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
+	is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
 	c=s->s3->tmp.new_sym_enc;
 	m=s->s3->tmp.new_hash;
 	if (s->s3->tmp.new_compression == NULL)
@@ -276,9 +276,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
 	p=s->s3->tmp.key_block;
 	i=EVP_MD_size(m);
 	cl=EVP_CIPHER_key_length(c);
-	j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+	j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
 		 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
-	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
+	/* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
 	k=EVP_CIPHER_iv_length(c);
 	if (	(which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
 		(which == SSL3_CHANGE_CIPHER_SERVER_READ))
@@ -307,7 +307,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
 
 	EVP_MD_CTX_init(&md);
 	memcpy(mac_secret,ms,i);
-	if (exp)
+	if (is_exp)
 		{
 		/* In here I set both the read and write key/iv to the
 		 * same value since only the correct one will be used :-).
@@ -333,8 +333,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
 
 	EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
 
-	memset(&(exp_key[0]),0,sizeof(exp_key));
-	memset(&(exp_iv[0]),0,sizeof(exp_iv));
+	OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
+	OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
 	EVP_MD_CTX_cleanup(&md);
 	return(1);
 err:
@@ -408,7 +408,7 @@ void ssl3_cleanup_key_block(SSL *s)
 	{
 	if (s->s3->tmp.key_block != NULL)
 		{
-		memset(s->s3->tmp.key_block,0,
+		OPENSSL_cleanse(s->s3->tmp.key_block,
 			s->s3->tmp.key_block_length);
 		OPENSSL_free(s->s3->tmp.key_block);
 		s->s3->tmp.key_block=NULL;
@@ -474,6 +474,7 @@ int ssl3_enc(SSL *s, int send)
 				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
 				return 0;
 				}
+			/* otherwise, rec->length >= bs */
 			}
 		
 		EVP_Cipher(ds,rec->data,rec->input,l);
@@ -482,7 +483,7 @@ int ssl3_enc(SSL *s, int send)
 			{
 			i=rec->data[l-1]+1;
 			/* SSL 3.0 bounds the number of padding bytes by the block size;
-			 * padding bytes (except that last) are arbitrary */
+			 * padding bytes (except the last one) are arbitrary */
 			if (i > bs)
 				{
 				/* Incorrect padding. SSLerr() and ssl3_alert are done
@@ -491,6 +492,7 @@ int ssl3_enc(SSL *s, int send)
 				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
 				return -1;
 				}
+			/* now i <= bs <= rec->length */
 			rec->length-=i;
 			}
 		}