author | jsing <> | 2021-01-28 18:32:46 +0000 |
---|---|---|
committer | jsing <> | 2021-01-28 18:32:46 +0000 |
commit | 1b4674cad1c809bd02dfa208406b40dbdbbf1e57 (patch) | |
tree | 01ab3012d4a5923694fe3cfbb5d996e236ad0d79 | |
parent | 282f50c32f1cbabc77296f995bf1a6408dca06df (diff) | |
Remove direct assignment of aead_ctx.
Now that AEAD is handled internally, we should no longer be assigning
aead_ctx directly, as this will result in a leak. Missed during the
previous change.
-rw-r--r-- | src/lib/libssl/tls12_record_layer.c | 20 |
1 files changed, 7 insertions, 13 deletions
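diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c
index b74a6588ef..05465e430b 100644
--- a/src/lib/libssl/tls12_record_layer.c
+++ b/src/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.16 2021/01/28 17:00:39 jsing Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.17 2021/01/28 18:32:46 jsing Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
 *
@@ -292,11 +292,8 @@ tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl, uint16_t epoc
 
 static void
 tls12_record_layer_set_read_state(struct tls12_record_layer *rl,
-SSL_AEAD_CTX *aead_ctx, EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx,
-int stream_mac)
+EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac)
 {
-rl->read->aead_ctx = aead_ctx;
-
 rl->read->cipher_ctx = cipher_ctx;
 rl->read->hash_ctx = hash_ctx;
 rl->read->stream_mac = stream_mac;
@@ -304,11 +301,8 @@ tls12_record_layer_set_read_state(struct tls12_record_layer *rl,
 
 static void
 tls12_record_layer_set_write_state(struct tls12_record_layer *rl,
-SSL_AEAD_CTX *aead_ctx, EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx,
-int stream_mac)
+EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac)
 {
-rl->write->aead_ctx = aead_ctx;
-
 rl->write->cipher_ctx = cipher_ctx;
 rl->write->hash_ctx = hash_ctx;
 rl->write->stream_mac = stream_mac;
@@ -317,14 +311,14 @@ tls12_record_layer_set_write_state(struct tls12_record_layer *rl,
 void
 tls12_record_layer_clear_read_state(struct tls12_record_layer *rl)
 {
-tls12_record_layer_set_read_state(rl, NULL, NULL, NULL, 0);
+tls12_record_layer_set_read_state(rl, NULL, NULL, 0);
 tls12_record_protection_clear(rl->read);
 }
 
 void
 tls12_record_layer_clear_write_state(struct tls12_record_layer *rl)
 {
-tls12_record_layer_set_write_state(rl, NULL, NULL, NULL, 0);
+tls12_record_layer_set_write_state(rl, NULL, NULL, 0);
 tls12_record_protection_clear(rl->write);
 
 tls12_record_protection_free(rl->write_previous);
@@ -342,7 +336,7 @@ int
 tls12_record_layer_set_read_cipher_hash(struct tls12_record_layer *rl,
 EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac)
 {
-tls12_record_layer_set_read_state(rl, NULL, cipher_ctx, hash_ctx,
+tls12_record_layer_set_read_state(rl, cipher_ctx, hash_ctx,
 stream_mac);
 
 return 1;
@@ -352,7 +346,7 @@ int
 tls12_record_layer_set_write_cipher_hash(struct tls12_record_layer *rl,
 EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac)
 {
-tls12_record_layer_set_write_state(rl, NULL, cipher_ctx, hash_ctx,
+tls12_record_layer_set_write_state(rl, cipher_ctx, hash_ctx,
 stream_mac);
 
 return 1;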
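Review bot: The ownership split that tls12_record_layer_clear_read_state() and tls12_record_layer_clear_write_state() now rely on (hunk -317,14 +311,14) is not written down anywhere in this file section. cipher_ctx and hash_ctx are still reset to NULL through the set_*_state() helpers before tls12_record_protection_clear() runs, while aead_ctx is left for that call to deal with. Presumably tls12_record_protection_clear() releases the AEAD context and the cipher/hash contexts remain caller-owned, but its body is outside this diff, so that should be confirmed. Because the AEAD context is keyed state, a comment above tls12_record_layer_set_read_state() and its write counterpart would help stop a later edit from reintroducing the direct assignment, for example `/* cipher_ctx and hash_ctx are borrowed from the caller; aead_ctx is owned by the record protection and is only set up or released there. */`.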