diff options
| author | beck <> | 2020-06-06 01:40:09 +0000 |
|---|---|---|
| committer | beck <> | 2020-06-06 01:40:09 +0000 |
| commit | 5c5463afc09ad28dc5717f3c90e5fb9e9f4ffa60 (patch) | |
| tree | 921562c039b5a27a1e18f71fe397784a1d3435d3 /src/lib/libssl/s3_lib.c | |
| parent | a6cda271c8a6d54db86ab3cb8d7586a529351181 (diff) | |
| download | openbsd-5c5463afc09ad28dc5717f3c90e5fb9e9f4ffa60.tar.gz openbsd-5c5463afc09ad28dc5717f3c90e5fb9e9f4ffa60.tar.bz2 openbsd-5c5463afc09ad28dc5717f3c90e5fb9e9f4ffa60.zip | |
Implement a rolling hash of the ClientHello message, Enforce RFC 8446
section 4.1.2 to ensure subsequent ClientHello messages after a
HelloRetryRequest messages must be unchanged from the initial
ClientHello.
ok tb@ jsing@
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index e2fef72588..c2cf922973 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.195 2020/06/05 18:14:05 jsing Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.196 2020/06/06 01:40:08 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1568,6 +1568,7 @@ ssl3_free(SSL *s) | |||
| 1568 | tls13_key_share_free(S3I(s)->hs_tls13.key_share); | 1568 | tls13_key_share_free(S3I(s)->hs_tls13.key_share); |
| 1569 | tls13_secrets_destroy(S3I(s)->hs_tls13.secrets); | 1569 | tls13_secrets_destroy(S3I(s)->hs_tls13.secrets); |
| 1570 | freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); | 1570 | freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); |
| 1571 | tls13_clienthello_hash_clear(&S3I(s)->hs_tls13); | ||
| 1571 | 1572 | ||
| 1572 | sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); | 1573 | sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); |
| 1573 | 1574 | ||
| @@ -1612,6 +1613,7 @@ ssl3_clear(SSL *s) | |||
| 1612 | freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); | 1613 | freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); |
| 1613 | S3I(s)->hs_tls13.cookie = NULL; | 1614 | S3I(s)->hs_tls13.cookie = NULL; |
| 1614 | S3I(s)->hs_tls13.cookie_len = 0; | 1615 | S3I(s)->hs_tls13.cookie_len = 0; |
| 1616 | tls13_clienthello_hash_clear(&S3I(s)->hs_tls13); | ||
| 1615 | 1617 | ||
| 1616 | S3I(s)->hs.extensions_seen = 0; | 1618 | S3I(s)->hs.extensions_seen = 0; |
| 1617 | 1619 | ||