diff options
author | Matt Caswell <matt@openssl.org> | 2022-07-22 14:16:33 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2022-08-18 16:38:13 +0100 |
commit | c77d4556732e2e41e975211498406c777136fbaa (patch) | |
tree | 7628cac0850b62058e2635ca56385185b588eebe /ssl | |
parent | cffafb5f57da07d90b23d0bc215371078d1ecbef (diff) |
Cleanse the SSLv3 MAC secret when we clean up the read record layer
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/record/methods/tls_common.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c index 0f56db5881..8b541061ba 100644 --- a/ssl/record/methods/tls_common.c +++ b/ssl/record/methods/tls_common.c @@ -1198,7 +1198,6 @@ tls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers, static void tls_int_free(OSSL_RECORD_LAYER *rl) { - /* TODO(RECLAYER): Cleanse sensitive fields */ BIO_free(rl->prev); BIO_free(rl->bio); BIO_free(rl->next); @@ -1210,6 +1209,9 @@ static void tls_int_free(OSSL_RECORD_LAYER *rl) COMP_CTX_free(rl->expand); #endif + if (rl->version == SSL3_VERSION) + OPENSSL_cleanse(rl->mac_secret, sizeof(rl->mac_secret)); + OPENSSL_free(rl); } |