diff options
| -rw-r--r-- | src/lib/libssl/tls13_record_layer.c | 32 |
1 files changed, 11 insertions, 21 deletions
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c index 6d3f3f4929..bbecc60674 100644 --- a/src/lib/libssl/tls13_record_layer.c +++ b/src/lib/libssl/tls13_record_layer.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_record_layer.c,v 1.57 2021/01/04 16:46:07 tb Exp $ */ | 1 | /* $OpenBSD: tls13_record_layer.c,v 1.58 2021/01/05 17:49:04 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -146,10 +146,10 @@ tls13_record_layer_free(struct tls13_record_layer *rl) | |||
| 146 | EVP_AEAD_CTX_cleanup(&rl->read_aead_ctx); | 146 | EVP_AEAD_CTX_cleanup(&rl->read_aead_ctx); |
| 147 | EVP_AEAD_CTX_cleanup(&rl->write_aead_ctx); | 147 | EVP_AEAD_CTX_cleanup(&rl->write_aead_ctx); |
| 148 | 148 | ||
| 149 | freezero(rl->read_iv.data, rl->read_iv.len); | 149 | tls13_secret_cleanup(&rl->read_iv); |
| 150 | freezero(rl->write_iv.data, rl->write_iv.len); | 150 | tls13_secret_cleanup(&rl->write_iv); |
| 151 | freezero(rl->read_nonce.data, rl->read_nonce.len); | 151 | tls13_secret_cleanup(&rl->read_nonce); |
| 152 | freezero(rl->write_nonce.data, rl->write_nonce.len); | 152 | tls13_secret_cleanup(&rl->write_nonce); |
| 153 | 153 | ||
| 154 | freezero(rl, sizeof(struct tls13_record_layer)); | 154 | freezero(rl, sizeof(struct tls13_record_layer)); |
| 155 | } | 155 | } |
| @@ -440,25 +440,15 @@ tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, EVP_AEAD_CTX *aead_ctx, | |||
| 440 | 440 | ||
| 441 | EVP_AEAD_CTX_cleanup(aead_ctx); | 441 | EVP_AEAD_CTX_cleanup(aead_ctx); |
| 442 | 442 | ||
| 443 | freezero(iv->data, iv->len); | 443 | tls13_secret_cleanup(iv); |
| 444 | iv->data = NULL; | 444 | tls13_secret_cleanup(nonce); |
| 445 | iv->len = 0; | ||
| 446 | 445 | ||
| 447 | freezero(nonce->data, nonce->len); | 446 | if (!tls13_secret_init(iv, EVP_AEAD_nonce_length(aead))) |
| 448 | nonce->data = NULL; | ||
| 449 | nonce->len = 0; | ||
| 450 | |||
| 451 | if ((iv->data = calloc(1, EVP_AEAD_nonce_length(aead))) == NULL) | ||
| 452 | goto err; | 447 | goto err; |
| 453 | iv->len = EVP_AEAD_nonce_length(aead); | 448 | if (!tls13_secret_init(nonce, EVP_AEAD_nonce_length(aead))) |
| 454 | |||
| 455 | if ((nonce->data = calloc(1, EVP_AEAD_nonce_length(aead))) == NULL) | ||
| 456 | goto err; | 449 | goto err; |
| 457 | nonce->len = EVP_AEAD_nonce_length(aead); | 450 | if (!tls13_secret_init(&key, EVP_AEAD_key_length(aead))) |
| 458 | |||
| 459 | if ((key.data = calloc(1, EVP_AEAD_key_length(aead))) == NULL) | ||
| 460 | goto err; | 451 | goto err; |
| 461 | key.len = EVP_AEAD_key_length(aead); | ||
| 462 | 452 | ||
| 463 | if (!tls13_hkdf_expand_label(iv, hash, traffic_key, "iv", &context)) | 453 | if (!tls13_hkdf_expand_label(iv, hash, traffic_key, "iv", &context)) |
| 464 | goto err; | 454 | goto err; |
| @@ -472,7 +462,7 @@ tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, EVP_AEAD_CTX *aead_ctx, | |||
| 472 | ret = 1; | 462 | ret = 1; |
| 473 | 463 | ||
| 474 | err: | 464 | err: |
| 475 | freezero(key.data, key.len); | 465 | tls13_secret_cleanup(&key); |
| 476 | 466 | ||
| 477 | return ret; | 467 | return ret; |
| 478 | } | 468 | } |