mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-30 14:01:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Cleanse the SSLv3 MAC secret when we clean up the read record layer

Browse Source 
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
This commit is contained in:
Matt Caswell 2022-07-22 14:16:33 +01:00
parent cffafb5f57
commit c77d455673
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ssl/record/methods/tls_common.c
View File

@ -1198,7 +1198,6 @@ tls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
static void tls_int_free(OSSL_RECORD_LAYER *rl)
{
/* TODO(RECLAYER): Cleanse sensitive fields */
BIO_free(rl->prev);
BIO_free(rl->bio);
BIO_free(rl->next);
@ -1210,6 +1209,9 @@ static void tls_int_free(OSSL_RECORD_LAYER *rl)
COMP_CTX_free(rl->expand);
#endif
if (rl->version == SSL3_VERSION)
OPENSSL_cleanse(rl->mac_secret, sizeof(rl->mac_secret));
OPENSSL_free(rl);
}