openssl/ssl
Diego Santa Cruz 135976b3dd Use memset to clear SRP_CTX instead of NULL and zero assignments
This uses memset() to clear all of the SRP_CTX when free'ing or
initializing it as well as in error paths instead of having a series
of NULL and zero assignments as it is safer.

It also changes SSL_SRP_CTX_init() to reset all the SRP_CTX to zero
in case or error, previously it could retain pointers to freed
memory, potentially leading to a double free.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3467)
2017-06-08 20:59:24 +01:00
..
record Fix #2400 Add NO_RENEGOTIATE option 2017-06-06 22:39:41 +01:00
statem Fix #2400 Add NO_RENEGOTIATE option 2017-06-06 22:39:41 +01:00
bio_ssl.c Get pointer type right in BIO_ssl_shutdown() 2017-03-07 09:56:49 -05:00
build.info Move ssl/t1_ext.c to ssl/statem/extensions_cust.c 2017-04-07 13:41:04 +01:00
d1_lib.c Convert existing usage of assert() to ossl_assert() in libssl 2017-05-22 14:00:43 +01:00
d1_msg.c Remove special case code for SCTP reneg handling 2017-04-25 11:13:39 +01:00
d1_srtp.c Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
methods.c Add the SSL_METHOD for TLSv1.3 and all other base changes required 2016-11-02 13:08:21 +00:00
packet_locl.h TLS1.3 Padding 2017-05-02 09:44:43 +01:00
packet.c Convert existing usage of assert() to ossl_assert() in libssl 2017-05-22 14:00:43 +01:00
pqueue.c Fix a missed size_t variable declaration 2016-11-04 12:09:46 +00:00
s3_cbc.c Convert existing usage of assert() to ossl_assert() in libssl 2017-05-22 14:00:43 +01:00
s3_enc.c Replace instances of OPENSSL_assert() with soft asserts in libssl 2017-05-22 14:00:19 +01:00
s3_lib.c Make SRP_CTX.info ownership and lifetime be the same as SRP_CTX.login. 2017-06-08 20:59:00 +01:00
s3_msg.c Always flush the BIO when we send any alert 2017-06-06 22:39:41 +01:00
ssl_asn1.c ASN.1: adapt our use of INTxx et al by making them explicitely embedded 2017-04-13 10:23:31 +02:00
ssl_cert.c Ignore dups in X509_STORE_add_* 2017-04-20 15:33:42 -04:00
ssl_ciph.c Replace instances of OPENSSL_assert() with soft asserts in libssl 2017-05-22 14:00:19 +01:00
ssl_conf.c Fix #2400 Add NO_RENEGOTIATE option 2017-06-06 22:39:41 +01:00
ssl_err.c make error tables const and separate header file 2017-06-07 15:12:03 -04:00
ssl_init.c Convert existing usage of assert() to ossl_assert() in libssl 2017-05-22 14:00:43 +01:00
ssl_lib.c Fix #2400 Add NO_RENEGOTIATE option 2017-06-06 22:39:41 +01:00
ssl_locl.h Add back support for SHA224 based sig algs 2017-06-08 17:37:02 +01:00
ssl_mcnf.c Fix misc size_t issues causing Windows warnings in 64 bit 2016-11-04 12:09:46 +00:00
ssl_rsa.c Try to be more consistent about the alerts we send 2017-05-19 08:47:08 +01:00
ssl_sess.c Fix ex_data and session_dup issues 2017-06-02 12:11:38 -04:00
ssl_stat.c Add missing debug strings. 2016-09-07 16:08:38 -04:00
ssl_txt.c Move extension data into sub-structs 2017-01-09 22:26:47 -05:00
ssl_utst.c Remove heartbeat support 2016-11-13 16:24:02 -05:00
t1_enc.c Remove support for OPENSSL_SSL_TRACE_CRYPTO 2017-05-08 11:42:37 +01:00
t1_lib.c Add back support for SHA224 based sig algs 2017-06-08 17:37:02 +01:00
t1_trce.c Add back support for SHA224 based sig algs 2017-06-08 17:37:02 +01:00
tls13_enc.c Remove support for OPENSSL_SSL_TRACE_CRYPTO 2017-05-08 11:42:37 +01:00
tls_srp.c Use memset to clear SRP_CTX instead of NULL and zero assignments 2017-06-08 20:59:24 +01:00