1 files changed, 15 insertions, 11 deletions
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 60b4a389b7..41cb70d818 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.46 2020/05/19 01:30:34 beck Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.47 2020/05/21 19:15:54 tb Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -258,6 +258,7 @@ tls13_phh_limit_check(struct tls13_ctx *ctx)
 static ssize_t
 tls13_key_update_recv(struct tls13_ctx *ctx, CBS *cbs)
 {
+        struct tls13_handshake_msg *hs_msg = NULL;
        uint8_t alert = TLS13_ALERT_INTERNAL_ERROR;
        uint8_t key_update_request;
        ssize_t ret;
@@ -278,31 +279,34 @@ tls13_key_update_recv(struct tls13_ctx *ctx, CBS *cbs)
        if (!tls13_phh_update_peer_traffic_secret(ctx))
                goto err;
-        if (key_update_request) {
+        if (key_update_request == 1) {
                CBB cbb;
                CBS cbs; /* XXX */
-                tls13_handshake_msg_free(ctx->hs_msg);
+                if ((hs_msg = tls13_handshake_msg_new()) == NULL)
-                ctx->hs_msg = tls13_handshake_msg_new();
+                        goto err;
+                if (!tls13_handshake_msg_start(hs_msg, &cbb,
-                if (!tls13_handshake_msg_start(ctx->hs_msg, &cbb, TLS13_MT_KEY_UPDATE))
+                    TLS13_MT_KEY_UPDATE))
                        goto err;
                if (!CBB_add_u8(&cbb, 0))
                        goto err;
-                if (!tls13_handshake_msg_finish(ctx->hs_msg))
+                if (!tls13_handshake_msg_finish(hs_msg))
                        goto err;
-                ctx->key_update_request = key_update_request;
+                ctx->key_update_request = 1;
-                tls13_handshake_msg_data(ctx->hs_msg, &cbs);
+                tls13_handshake_msg_data(hs_msg, &cbs);
                ret = tls13_record_layer_phh(ctx->rl, &cbs);
-                tls13_handshake_msg_free(ctx->hs_msg);
+                tls13_handshake_msg_free(hs_msg);
-                ctx->hs_msg = NULL;
+                hs_msg = NULL;
        } else
                ret = TLS13_IO_SUCCESS;
        return ret;
 err:
+        tls13_handshake_msg_free(hs_msg);
        return tls13_send_alert(ctx->rl, alert);
 }

diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index 60b4a389b7..41cb70d818 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_lib.c,v 1.46 2020/05/19 01:30:34 beck Exp $ */	1	/* $OpenBSD: tls13_lib.c,v 1.47 2020/05/21 19:15:54 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2019 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -258,6 +258,7 @@ tls13_phh_limit_check(struct tls13_ctx *ctx)
258	static ssize_t	258	static ssize_t
259	tls13_key_update_recv(struct tls13_ctx ctx, CBS cbs)	259	tls13_key_update_recv(struct tls13_ctx ctx, CBS cbs)
260	{	260	{
		261	struct tls13_handshake_msg *hs_msg = NULL;
261	uint8_t alert = TLS13_ALERT_INTERNAL_ERROR;	262	uint8_t alert = TLS13_ALERT_INTERNAL_ERROR;
262	uint8_t key_update_request;	263	uint8_t key_update_request;
263	ssize_t ret;	264	ssize_t ret;
@@ -278,31 +279,34 @@ tls13_key_update_recv(struct tls13_ctx ctx, CBS cbs)
278	if (!tls13_phh_update_peer_traffic_secret(ctx))	279	if (!tls13_phh_update_peer_traffic_secret(ctx))
279	goto err;	280	goto err;
280		281
281	if (key_update_request) {	282	if (key_update_request == 1) {
282	CBB cbb;	283	CBB cbb;
283	CBS cbs; /* XXX */	284	CBS cbs; /* XXX */
284		285
285	tls13_handshake_msg_free(ctx->hs_msg);	286	if ((hs_msg = tls13_handshake_msg_new()) == NULL)
286	ctx->hs_msg = tls13_handshake_msg_new();	287	goto err;
287		288	if (!tls13_handshake_msg_start(hs_msg, &cbb,
288	if (!tls13_handshake_msg_start(ctx->hs_msg, &cbb, TLS13_MT_KEY_UPDATE))	289	TLS13_MT_KEY_UPDATE))
289	goto err;	290	goto err;
290	if (!CBB_add_u8(&cbb, 0))	291	if (!CBB_add_u8(&cbb, 0))
291	goto err;	292	goto err;
292	if (!tls13_handshake_msg_finish(ctx->hs_msg))	293	if (!tls13_handshake_msg_finish(hs_msg))
293	goto err;	294	goto err;
294		295
295	ctx->key_update_request = key_update_request;	296	ctx->key_update_request = 1;
296	tls13_handshake_msg_data(ctx->hs_msg, &cbs);	297	tls13_handshake_msg_data(hs_msg, &cbs);
297	ret = tls13_record_layer_phh(ctx->rl, &cbs);	298	ret = tls13_record_layer_phh(ctx->rl, &cbs);
298		299
299	tls13_handshake_msg_free(ctx->hs_msg);	300	tls13_handshake_msg_free(hs_msg);
300	ctx->hs_msg = NULL;	301	hs_msg = NULL;
301	} else	302	} else
302	ret = TLS13_IO_SUCCESS;	303	ret = TLS13_IO_SUCCESS;
303		304
304	return ret;	305	return ret;
		306
305	err:	307	err:
		308	tls13_handshake_msg_free(hs_msg);
		309
306	return tls13_send_alert(ctx->rl, alert);	310	return tls13_send_alert(ctx->rl, alert);
307	}	311	}
308		312