From 9ef9f06708ef4fe615f3485f5d82f3fb919fdf03 Mon Sep 17 00:00:00 2001
From: miod <>
Date: Fri, 13 Jun 2014 04:29:13 +0000
Subject: Remove support for the `opaque PRF input' extension, which draft has expired 7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell.
---
 src/lib/libssl/d1_lib.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/lib/libssl/d1_lib.c')
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 0b7c6404c5..13c93a77cf 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.19 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.20 2014/06/13 04:29:13 miod Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -135,6 +135,7 @@ dtls1_new(SSL *s)
 if (d1->buffered_app_data.q)
 pqueue_free(d1->buffered_app_data.q);
 free(d1);
+ ssl3_free(s);
 return (0);
 }
@@ -199,6 +200,7 @@ dtls1_free(SSL *s)
 pqueue_free(s->d1->sent_messages);
 pqueue_free(s->d1->buffered_app_data.q);
+ OPENSSL_cleanse(s->d1, sizeof *s->d1);
 free(s->d1);
 s->d1 = NULL;
 }
-- cgit v1.2.3-55-g6feb
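Review bot: The added `ssl3_free(s)` on the dtls1_new() failure path is only safe if ssl3_free() tolerates being called a second time. If the caller reacts to the 0 return by running the method's free routine, the SSL3 state would be released twice unless ssl3_free() clears the pointers it frees, and that is not visible here. It is worth confirming this and recording it next to the call, for example `/* undo the SSL3 setup done earlier in dtls1_new(); ssl3_free() must be safe to call again */`. The function body starts outside the hunk, so any earlier return taken after the SSL3 state was created should be checked for the same cleanup. This path also returns with s->d1 never assigned, while dtls1_free() in the last hunk dereferences s->d1 unconditionally.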
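Review bot: `OPENSSL_cleanse(s->d1, sizeof *s->d1)` in dtls1_free() scrubs only the DTLS1 state structure itself, not the memory it points to. The record and message buffers owned by the queues released just above with pqueue_free() are not covered, so their contents may stay in freed heap memory unless the queue-draining code earlier in the function (outside the hunk) wipes them. A short comment would make the scope explicit, for example `/* wipe the DTLS state struct only; queue items are released above */`. The reason this structure is treated as sensitive should be stated in the commit message, which currently describes only the removal of the opaque PRF input extension.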