authorFrederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>2024-05-07 21:18:44 +0200
committerMatt Caswell <matt@openssl.org>2024-05-10 09:01:07 +0100
commite1bd225a5dec0713c15e56367e1f7c5202dc274d (patch)
treec0789d48c1b1ec2149e380ccf004ec6bbb3b55cb
parent35306a2929d7c462ecb550e801bca2a88dcadcd7 (diff)
Clear old messages from queues in order to avoid leaks of record layer objects.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22275)
-rw-r--r--ssl/tls13_enc.c8
-rw-r--r--test/tls13secretstest.c8
2 files changed, 16 insertions, 0 deletions
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index cacce45b00..c15fa5aa9e 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -719,6 +719,14 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
? OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE
: OSSL_RECORD_PROTECTION_LEVEL_APPLICATION);
+ if (SSL_CONNECTION_IS_DTLS(s)) {
+ /* We have moved to the next flight lets clear out old messages */
+ if (direction == OSSL_RECORD_DIRECTION_READ)
+ dtls1_clear_received_buffer(s);
+ else
+ dtls1_clear_sent_buffer(s);
+ }
+
if (!ssl_set_new_record_layer(s, s->version,
direction,
level, secret, hashlen, key, keylen, iv,
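Review bot: Clearing the sent buffer on every write-direction key change assumes the flight just sent will never need retransmitting, which is not obviously true for the last handshake flight in DTLS 1.3, where the sender keeps retransmitting until the peer's ACK arrives; please confirm that `dtls1_clear_sent_buffer(s)` at this point cannot discard a flight that still awaits acknowledgement, or gate it on the protection level where that is known to be safe. The added comment states the conclusion but not the reason the buffered messages are dead, so I would make it carry the justification, e.g. `/* Key change: the previous flight is complete, drop buffered messages so the old record layer they reference can be freed */` (also fixing "lets" to "let's"). Note that the buffers are cleared before ssl_set_new_record_layer() is attempted, so a failure there leaves the connection with an already-emptied buffer; that is probably harmless since the connection is then dead, but worth a word in the comment. tls13_change_cipher_state begins before the hunk and continues past it.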
diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c
index 352c1898ad..54dc86b694 100644
--- a/test/tls13secretstest.c
+++ b/test/tls13secretstest.c
@@ -229,6 +229,14 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, int direction,
return 0;
}
+void dtls1_clear_received_buffer(SSL_CONNECTION *s)
+{
+}
+
+void dtls1_clear_sent_buffer(SSL_CONNECTION *s)
+{
+}
+
/* End of mocked out code */
static int test_secret(SSL_CONNECTION *s, unsigned char *prk,