Zero the tls12_record_protection struct instead of individual fields.

In tls12_record_protection_clear(), rather than zeroing or NULLing individual fields once a pointer has been freed, zero the entire struct once the pointers have been dealt with. ok tb@
author: jsing <> 2021-05-16 15:21:10 +0000
committer: jsing <> 2021-05-16 15:21:10 +0000
commit: b956c8af241e4753537f76407af2e8b3afabd2f6 (patch)
tree: ddca7e61a4850a873308ec3e1f3745042a55fe6f /src/lib
parent: c475379847ceff94503ac3229a8376c8334f6693 (diff)
download: openbsd-b956c8af241e4753537f76407af2e8b3afabd2f6.tar.gz
openbsd-b956c8af241e4753537f76407af2e8b3afabd2f6.tar.bz2
openbsd-b956c8af241e4753537f76407af2e8b3afabd2f6.zip
1 files changed, 3 insertions, 9 deletions
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c
index 652ca873a6..82a14f7147 100644
--- a/src/lib/libssl/tls12_record_layer.c
+++ b/src/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.28 2021/05/05 19:52:00 jsing Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.29 2021/05/16 15:21:10 jsing Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
 *
@@ -48,23 +48,17 @@ tls12_record_protection_new(void)
 static void
 tls12_record_protection_clear(struct tls12_record_protection *rp)
 {
-        memset(rp->seq_num, 0, sizeof(rp->seq_num));
        if (rp->aead_ctx != NULL) {
                EVP_AEAD_CTX_cleanup(&rp->aead_ctx->ctx);
                freezero(rp->aead_ctx, sizeof(*rp->aead_ctx));
-                rp->aead_ctx = NULL;
        }
        EVP_CIPHER_CTX_free(rp->cipher_ctx);
-        rp->cipher_ctx = NULL;
        EVP_MD_CTX_free(rp->hash_ctx);
-        rp->hash_ctx = NULL;
        freezero(rp->mac_key, rp->mac_key_len);
-        rp->mac_key = NULL;
-        rp->mac_key_len = 0;
+        memset(rp, 0, sizeof(*rp));
 }
 static void
author	jsing <>	2021-05-16 15:21:10 +0000
committer	jsing <>	2021-05-16 15:21:10 +0000
commit	b956c8af241e4753537f76407af2e8b3afabd2f6 (patch)
tree	ddca7e61a4850a873308ec3e1f3745042a55fe6f /src/lib
parent	c475379847ceff94503ac3229a8376c8334f6693 (diff)
download	openbsd-b956c8af241e4753537f76407af2e8b3afabd2f6.tar.gz openbsd-b956c8af241e4753537f76407af2e8b3afabd2f6.tar.bz2 openbsd-b956c8af241e4753537f76407af2e8b3afabd2f6.zip

diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c index 652ca873a6..82a14f7147 100644 --- a/src/lib/libssl/tls12_record_layer.c +++ b/src/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls12_record_layer.c,v 1.28 2021/05/05 19:52:00 jsing Exp $ */	1	/* $OpenBSD: tls12_record_layer.c,v 1.29 2021/05/16 15:21:10 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -48,23 +48,17 @@ tls12_record_protection_new(void)
48	static void	48	static void
49	tls12_record_protection_clear(struct tls12_record_protection *rp)	49	tls12_record_protection_clear(struct tls12_record_protection *rp)
50	{	50	{
51	memset(rp->seq_num, 0, sizeof(rp->seq_num));
52
53	if (rp->aead_ctx != NULL) {	51	if (rp->aead_ctx != NULL) {
54	EVP_AEAD_CTX_cleanup(&rp->aead_ctx->ctx);	52	EVP_AEAD_CTX_cleanup(&rp->aead_ctx->ctx);
55	freezero(rp->aead_ctx, sizeof(*rp->aead_ctx));	53	freezero(rp->aead_ctx, sizeof(*rp->aead_ctx));
56	rp->aead_ctx = NULL;
57	}	54	}
58		55
59	EVP_CIPHER_CTX_free(rp->cipher_ctx);	56	EVP_CIPHER_CTX_free(rp->cipher_ctx);
60	rp->cipher_ctx = NULL;
61
62	EVP_MD_CTX_free(rp->hash_ctx);	57	EVP_MD_CTX_free(rp->hash_ctx);
63	rp->hash_ctx = NULL;
64		58
65	freezero(rp->mac_key, rp->mac_key_len);	59	freezero(rp->mac_key, rp->mac_key_len);
66	rp->mac_key = NULL;	60
67	rp->mac_key_len = 0;	61	memset(rp, 0, sizeof(*rp));
68	}	62	}
69		63
70	static void	64	static void