From 10e3b663a1750bc234861ed33ad78e8088b5cb47 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Thu, 24 Jan 2019 02:56:41 +0000
Subject: Add server side of versions, keyshare, and client and server of
 cookie extensions for tls1.3. versions is currently defanged to ignore its
 result until tls13 server side wired in full, so that server side code still
 works today when we only support tls 1.2 ok bcook@ tb@ jsing@

---
 src/lib/libssl/s3_lib.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/s3_lib.c')

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 36142f0415..6e4e8eb1d3 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.181 2019/01/24 01:50:41 beck Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.182 2019/01/24 02:56:41 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1569,6 +1569,7 @@ ssl3_free(SSL *s)
 	freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH);
 	freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH);
 	freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH);
+	freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len);
 
 	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
 
@@ -1605,6 +1606,9 @@ ssl3_clear(SSL *s)
 	freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH);
 	freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH);
 	freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH);
+	freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len);
+	S3I(s)->hs_tls13.cookie = NULL;
+	S3I(s)->hs_tls13.cookie_len = 0;
 
 	S3I(s)->hs.extensions_seen = 0;
 
-- 
cgit v1.2.3-55-g6feb