diff options
| author | jsing <> | 2019-01-21 01:20:11 +0000 |
|---|---|---|
| committer | jsing <> | 2019-01-21 01:20:11 +0000 |
| commit | 3db259d053fdb4d23fe6f54a84a155804891e690 (patch) | |
| tree | 00690b7234ad75d1c26b36b32d6144f0e7cf87f8 /src/lib/libssl/s3_lib.c | |
| parent | 04431c78a026e592a5aba1e6266fe5628f12c2a7 (diff) | |
| download | openbsd-3db259d053fdb4d23fe6f54a84a155804891e690.tar.gz openbsd-3db259d053fdb4d23fe6f54a84a155804891e690.tar.bz2 openbsd-3db259d053fdb4d23fe6f54a84a155804891e690.zip | |
Ensure we free TLS 1.3 handshake state.
There is no guarantee that ssl3_clear() is called before ssl3_free(), so
free things here. Also move the chunk in ssl3_clear() up so that it is with
the "free" code rather than the "reinit" code.
ok beck@ tb@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 0761c5b5ce..9e4998cb42 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.177 2019/01/18 12:09:52 beck Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.178 2019/01/21 01:20:11 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1565,6 +1565,11 @@ ssl3_free(SSL *s) | |||
| 1565 | 1565 | ||
| 1566 | freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); | 1566 | freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); |
| 1567 | 1567 | ||
| 1568 | tls13_secrets_destroy(S3I(s)->hs_tls13.secrets); | ||
| 1569 | freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); | ||
| 1570 | freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); | ||
| 1571 | freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); | ||
| 1572 | |||
| 1568 | sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); | 1573 | sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); |
| 1569 | 1574 | ||
| 1570 | tls1_transcript_free(s); | 1575 | tls1_transcript_free(s); |
| @@ -1596,6 +1601,11 @@ ssl3_clear(SSL *s) | |||
| 1596 | freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); | 1601 | freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); |
| 1597 | S3I(s)->tmp.x25519 = NULL; | 1602 | S3I(s)->tmp.x25519 = NULL; |
| 1598 | 1603 | ||
| 1604 | tls13_secrets_destroy(S3I(s)->hs_tls13.secrets); | ||
| 1605 | freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); | ||
| 1606 | freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); | ||
| 1607 | freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); | ||
| 1608 | |||
| 1599 | rp = S3I(s)->rbuf.buf; | 1609 | rp = S3I(s)->rbuf.buf; |
| 1600 | wp = S3I(s)->wbuf.buf; | 1610 | wp = S3I(s)->wbuf.buf; |
| 1601 | rlen = S3I(s)->rbuf.len; | 1611 | rlen = S3I(s)->rbuf.len; |
| @@ -1627,11 +1637,6 @@ ssl3_clear(SSL *s) | |||
| 1627 | 1637 | ||
| 1628 | s->internal->packet_length = 0; | 1638 | s->internal->packet_length = 0; |
| 1629 | s->version = TLS1_VERSION; | 1639 | s->version = TLS1_VERSION; |
| 1630 | |||
| 1631 | tls13_secrets_destroy(S3I(s)->hs_tls13.secrets); | ||
| 1632 | freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); | ||
| 1633 | freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); | ||
| 1634 | freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); | ||
| 1635 | } | 1640 | } |
| 1636 | 1641 | ||
| 1637 | static long | 1642 | static long |