From: Rich Salz Date: Fri, 29 May 2015 16:22:43 +0000 (-0400) Subject: clear/cleanse cleanup X-Git-Tag: OpenSSL_1_1_0-pre1~1052 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e0f9bf1de72e2717a5e8c2126259959e2d650777;p=openssl clear/cleanse cleanup Where we called openssl_cleanse, make sure we do it on all error paths. Be consistent in use of sizeof(foo) when possible. Reviewed-by: Andy Polyakov --- diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index ea9042b165..dd93e251ae 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -206,7 +206,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) km += MD5_DIGEST_LENGTH; } - OPENSSL_cleanse(smd, SHA_DIGEST_LENGTH); + OPENSSL_cleanse(smd, sizeof(smd)); EVP_MD_CTX_cleanup(&m5); EVP_MD_CTX_cleanup(&s1); return 1; @@ -388,13 +388,15 @@ int ssl3_change_cipher_state(SSL *s, int which) } #endif - OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key)); - OPENSSL_cleanse(&(exp_iv[0]), sizeof(exp_iv)); + OPENSSL_cleanse(exp_key, sizeof(exp_key)); + OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); EVP_MD_CTX_cleanup(&md); return (1); err: SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); err2: + OPENSSL_cleanse(exp_key, sizeof(exp_key)); + OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); return (0); } @@ -687,7 +689,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, s, s->msg_callback_arg); } #endif - OPENSSL_cleanse(buf, sizeof buf); + OPENSSL_cleanse(buf, sizeof(buf)); return (ret); } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 68234ecc18..88e649d315 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2238,7 +2238,6 @@ int ssl3_get_client_key_exchange(SSL *s) BIGNUM *pub = NULL; DH *dh_srvr, *dh_clnt = NULL; #endif - #ifndef OPENSSL_NO_EC EC_KEY *srvr_ecdh = NULL; EVP_PKEY *clnt_pub_pkey = NULL; @@ -2676,7 +2675,7 @@ int ssl3_get_client_key_exchange(SSL *s) psk_len = s->psk_server_callback(s, tmp_id, psk_or_pre_ms, sizeof(psk_or_pre_ms)); - OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN + 1); + OPENSSL_cleanse(tmp_id, sizeof(tmp_id)); if (psk_len > PSK_MAX_PSK_LEN) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 8c53aa8acf..e410ff76f3 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -563,6 +563,10 @@ int tls1_change_cipher_state(SSL *s, int which) err: SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); err2: + OPENSSL_cleanse(tmp1, sizeof(tmp1)); + OPENSSL_cleanse(tmp2, sizeof(tmp1)); + OPENSSL_cleanse(iv1, sizeof(iv1)); + OPENSSL_cleanse(iv2, sizeof(iv2)); return (0); } @@ -721,7 +725,7 @@ int tls1_final_finish_mac(SSL *s, const char *str, int slen, return 0; OPENSSL_cleanse(hash, hashlen); OPENSSL_cleanse(buf2, sizeof(buf2)); - return sizeof buf2; + return sizeof(buf2); } int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, @@ -871,8 +875,6 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, NULL, 0, s->session->master_key, s->session->master_key_length, out, buff, olen); - OPENSSL_cleanse(val, vallen); - OPENSSL_cleanse(buff, olen); goto ret; err1: @@ -884,8 +886,8 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE); rv = 0; ret: - OPENSSL_free(buff); - OPENSSL_free(val); + CRYPTO_clear_free(val, vallen); + CRYPTO_clear_free(buff, olen); return (rv); }