diff options
| author | beck <> | 2019-01-24 02:56:41 +0000 |
|---|---|---|
| committer | beck <> | 2019-01-24 02:56:41 +0000 |
| commit | 10e3b663a1750bc234861ed33ad78e8088b5cb47 (patch) | |
| tree | eaf3f613ad96dff5f56e2d992bfb0ad1b7457dac /src/lib/libssl/s3_lib.c | |
| parent | 354172b127820c0f48cb417d4d46746e2122f87b (diff) | |
| download | openbsd-10e3b663a1750bc234861ed33ad78e8088b5cb47.tar.gz openbsd-10e3b663a1750bc234861ed33ad78e8088b5cb47.tar.bz2 openbsd-10e3b663a1750bc234861ed33ad78e8088b5cb47.zip | |
Add server side of versions, keyshare, and client and server of cookie
extensions for tls1.3.
versions is currently defanged to ignore its result until tls13 server
side wired in full, so that server side code still works today when
we only support tls 1.2
ok bcook@ tb@ jsing@
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 36142f0415..6e4e8eb1d3 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.181 2019/01/24 01:50:41 beck Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.182 2019/01/24 02:56:41 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1569,6 +1569,7 @@ ssl3_free(SSL *s) | |||
| 1569 | freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); | 1569 | freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); |
| 1570 | freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); | 1570 | freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); |
| 1571 | freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); | 1571 | freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); |
| 1572 | freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); | ||
| 1572 | 1573 | ||
| 1573 | sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); | 1574 | sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); |
| 1574 | 1575 | ||
| @@ -1605,6 +1606,9 @@ ssl3_clear(SSL *s) | |||
| 1605 | freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); | 1606 | freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); |
| 1606 | freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); | 1607 | freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); |
| 1607 | freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); | 1608 | freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); |
| 1609 | freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); | ||
| 1610 | S3I(s)->hs_tls13.cookie = NULL; | ||
| 1611 | S3I(s)->hs_tls13.cookie_len = 0; | ||
| 1608 | 1612 | ||
| 1609 | S3I(s)->hs.extensions_seen = 0; | 1613 | S3I(s)->hs.extensions_seen = 0; |
| 1610 | 1614 | ||