diff options
Diffstat (limited to 'src/lib/libssl/tls13_record_layer.c')
| -rw-r--r-- | src/lib/libssl/tls13_record_layer.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c index 5c2c2116c0..bf605012b3 100644 --- a/src/lib/libssl/tls13_record_layer.c +++ b/src/lib/libssl/tls13_record_layer.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_record_layer.c,v 1.33 2020/05/03 15:57:25 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_record_layer.c,v 1.33.4.1 2020/08/10 18:59:47 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -435,6 +435,8 @@ tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, EVP_AEAD_CTX *aead_ctx, | |||
| 435 | struct tls13_secret key = { .data = NULL, .len = 0 }; | 435 | struct tls13_secret key = { .data = NULL, .len = 0 }; |
| 436 | int ret = 0; | 436 | int ret = 0; |
| 437 | 437 | ||
| 438 | EVP_AEAD_CTX_cleanup(aead_ctx); | ||
| 439 | |||
| 438 | freezero(iv->data, iv->len); | 440 | freezero(iv->data, iv->len); |
| 439 | iv->data = NULL; | 441 | iv->data = NULL; |
| 440 | iv->len = 0; | 442 | iv->len = 0; |
| @@ -523,8 +525,9 @@ static int | |||
| 523 | tls13_record_layer_open_record_protected(struct tls13_record_layer *rl) | 525 | tls13_record_layer_open_record_protected(struct tls13_record_layer *rl) |
| 524 | { | 526 | { |
| 525 | CBS header, enc_record; | 527 | CBS header, enc_record; |
| 528 | ssize_t inner_len; | ||
| 526 | uint8_t *content = NULL; | 529 | uint8_t *content = NULL; |
| 527 | ssize_t content_len = 0; | 530 | size_t content_len = 0; |
| 528 | uint8_t content_type; | 531 | uint8_t content_type; |
| 529 | size_t out_len; | 532 | size_t out_len; |
| 530 | 533 | ||
| @@ -560,18 +563,18 @@ tls13_record_layer_open_record_protected(struct tls13_record_layer *rl) | |||
| 560 | * Time to hunt for that elusive content type! | 563 | * Time to hunt for that elusive content type! |
| 561 | */ | 564 | */ |
| 562 | /* XXX - CBS from end? CBS_get_end_u8()? */ | 565 | /* XXX - CBS from end? CBS_get_end_u8()? */ |
| 563 | content_len = out_len - 1; | 566 | inner_len = out_len - 1; |
| 564 | while (content_len >= 0 && content[content_len] == 0) | 567 | while (inner_len >= 0 && content[inner_len] == 0) |
| 565 | content_len--; | 568 | inner_len--; |
| 566 | if (content_len < 0) | 569 | if (inner_len < 0) |
| 567 | goto err; | 570 | goto err; |
| 568 | content_type = content[content_len]; | 571 | content_type = content[inner_len]; |
| 569 | 572 | ||
| 570 | tls13_record_layer_rbuf_free(rl); | 573 | tls13_record_layer_rbuf_free(rl); |
| 571 | 574 | ||
| 572 | rl->rbuf_content_type = content_type; | 575 | rl->rbuf_content_type = content_type; |
| 573 | rl->rbuf = content; | 576 | rl->rbuf = content; |
| 574 | rl->rbuf_len = content_len; | 577 | rl->rbuf_len = inner_len; |
| 575 | 578 | ||
| 576 | CBS_init(&rl->rbuf_cbs, rl->rbuf, rl->rbuf_len); | 579 | CBS_init(&rl->rbuf_cbs, rl->rbuf, rl->rbuf_len); |
| 577 | 580 | ||