author | Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk> | 2024-05-07 21:18:44 +0200 |
committer | Matt Caswell <matt@openssl.org> | 2024-05-10 09:01:07 +0100 |
commit | e1bd225a5dec0713c15e56367e1f7c5202dc274d (patch) | |
tree | c0789d48c1b1ec2149e380ccf004ec6bbb3b55cb | |
parent | 35306a2929d7c462ecb550e801bca2a88dcadcd7 (diff) |
Clear old messages from queues in order to avoid leaks of record layer objects.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
-rw-r--r-- | ssl/tls13_enc.c | 8 | ||||
-rw-r--r-- | test/tls13secretstest.c | 8 |
2 files changed, 16 insertions, 0 deletions
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index cacce45b00..c15fa5aa9e 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -719,6 +719,14 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
 ? OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE
 : OSSL_RECORD_PROTECTION_LEVEL_APPLICATION);
+ if (SSL_CONNECTION_IS_DTLS(s)) {
+ /* We have moved to the next flight lets clear out old messages */
+ if (direction == OSSL_RECORD_DIRECTION_READ)
+ dtls1_clear_received_buffer(s);
+ else
+ dtls1_clear_sent_buffer(s);
+ }
+
 if (!ssl_set_new_record_layer(s, s->version, direction, level,
 secret, hashlen, key, keylen, iv,
diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c
index 352c1898ad..54dc86b694 100644
--- a/test/tls13secretstest.c
+++ b/test/tls13secretstest.c
@@ -229,6 +229,14 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, int direction,
 return 0;
 }
+void dtls1_clear_received_buffer(SSL_CONNECTION *s)
+{
+}
+
+void dtls1_clear_sent_buffer(SSL_CONNECTION *s)
+{
+}
+
 /* End of mocked out code */
 static int test_secret(SSL_CONNECTION *s, unsigned char *prk, |
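Review bot: The write-direction branch of the new DTLS block discards the sent-message buffer before `ssl_set_new_record_layer` installs the next write keys, and nothing in the hunk shows that the flight just sent has been acknowledged by the peer, so if a retransmission of that flight is still possible at this point there would be nothing left to resend; the comment asserts that the flight is over but not who guarantees it. The read-direction branch raises the analogous question for any fragments buffered early for a later flight, assuming the received buffer can hold those. If the callers do guarantee that tls13_change_cipher_state runs only once the flight for that direction is complete, I would state that precondition instead of leaving it implied, e.g. `/* Callers only change keys once the flight for this direction is complete, so its buffered messages (and the record-layer objects they hold) can be released. */`, and fix "lets" to "let's" if the original wording is kept. Clearing before the record-layer call also means a failure of that call leaves the buffers already emptied, which is acceptable only if that failure is fatal for the connection, something the hunk does not show. tls13_change_cipher_state begins before and continues after this hunk.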
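Review bot: The two new mocks are empty, so the test cannot observe whether tls13_change_cipher_state clears the buffer matching the direction it was given, which is exactly the behaviour this commit adds. A pair of counters would make that assertable, e.g. `static int received_cleared, sent_cleared;` with `received_cleared++;` and `sent_cleared++;` in the respective stub bodies, so a DTLS case could check which one fired; as written the stubs only satisfy the linker. If the build's warning set includes unused-parameter warnings, the unused `s` in both stubs may also need an explicit `(void)s;`, though whether that flag is enabled is not visible here. test_secret's definition continues past the end of the hunk.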