summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/s3_lib.c5
-rw-r--r--src/lib/libssl/ssl_srvr.c11
2 files changed, 11 insertions, 5 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 2832ef4a93..dfd5893a2f 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.190 2020/01/30 17:09:23 jsing Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.191 2020/02/16 14:33:04 inoguchi Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1563,6 +1563,7 @@ ssl3_free(SSL *s)
1563 1563
1564 DH_free(S3I(s)->tmp.dh); 1564 DH_free(S3I(s)->tmp.dh);
1565 EC_KEY_free(S3I(s)->tmp.ecdh); 1565 EC_KEY_free(S3I(s)->tmp.ecdh);
1566 freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
1566 1567
1567 tls13_key_share_free(S3I(s)->hs_tls13.key_share); 1568 tls13_key_share_free(S3I(s)->hs_tls13.key_share);
1568 tls13_secrets_destroy(S3I(s)->hs_tls13.secrets); 1569 tls13_secrets_destroy(S3I(s)->hs_tls13.secrets);
@@ -1596,6 +1597,8 @@ ssl3_clear(SSL *s)
1596 EC_KEY_free(S3I(s)->tmp.ecdh); 1597 EC_KEY_free(S3I(s)->tmp.ecdh);
1597 S3I(s)->tmp.ecdh = NULL; 1598 S3I(s)->tmp.ecdh = NULL;
1598 S3I(s)->tmp.ecdh_nid = NID_undef; 1599 S3I(s)->tmp.ecdh_nid = NID_undef;
1600 freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
1601 S3I(s)->tmp.x25519 = NULL;
1599 1602
1600 freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); 1603 freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);
1601 S3I(s)->hs.sigalgs = NULL; 1604 S3I(s)->hs.sigalgs = NULL;
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 843d2ee249..e55b6beed1 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.71 2020/01/30 16:25:09 jsing Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.72 2020/02/16 14:33:04 inoguchi Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1408,7 +1408,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1408static int 1408static int
1409ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb) 1409ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb)
1410{ 1410{
1411 uint8_t *public_key = NULL; 1411 uint8_t *public_key = NULL, *private_key = NULL;
1412 int curve_id; 1412 int curve_id;
1413 CBB ecpoint; 1413 CBB ecpoint;
1414 int ret = -1; 1414 int ret = -1;
@@ -1418,11 +1418,11 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb)
1418 SSLerror(s, ERR_R_INTERNAL_ERROR); 1418 SSLerror(s, ERR_R_INTERNAL_ERROR);
1419 goto err; 1419 goto err;
1420 } 1420 }
1421 if ((S3I(s)->tmp.x25519 = malloc(X25519_KEY_LENGTH)) == NULL) 1421 if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL)
1422 goto err; 1422 goto err;
1423 if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) 1423 if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)
1424 goto err; 1424 goto err;
1425 X25519_keypair(public_key, S3I(s)->tmp.x25519); 1425 X25519_keypair(public_key, private_key);
1426 1426
1427 /* Serialize public key. */ 1427 /* Serialize public key. */
1428 if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) { 1428 if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) {
@@ -1441,10 +1441,13 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb)
1441 if (!CBB_flush(cbb)) 1441 if (!CBB_flush(cbb))
1442 goto err; 1442 goto err;
1443 1443
1444 S3I(s)->tmp.x25519 = private_key;
1445 private_key = NULL;
1444 ret = 1; 1446 ret = 1;
1445 1447
1446 err: 1448 err:
1447 free(public_key); 1449 free(public_key);
1450 freezero(private_key, X25519_KEY_LENGTH);
1448 1451
1449 return (ret); 1452 return (ret);
1450} 1453}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 19:47:43 +0000