diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-06-21 16:26:08 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-06-22 13:52:24 +0100 |
commit | 8d92c1f8a381a3be7fe5b3a2c2aa9bfce22f5c72 (patch) | |
tree | 838ba43698584d2d6ba161afed5a37a48896967a /ssl/s3_lib.c | |
parent | 7fba8407cc72e09dbd8d768100617286b0740b03 (diff) | |
download | openssl-8d92c1f8a381a3be7fe5b3a2c2aa9bfce22f5c72.zip openssl-8d92c1f8a381a3be7fe5b3a2c2aa9bfce22f5c72.tar.gz openssl-8d92c1f8a381a3be7fe5b3a2c2aa9bfce22f5c72.tar.bz2 |
Remove peer temp keys from SESS_CERT
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 0307801..ad413aa 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2894,11 +2894,17 @@ void ssl3_free(SSL *s) return; ssl3_cleanup_key_block(s); + +#ifndef OPENSSL_NO_RSA + RSA_free(s->s3->peer_rsa_tmp); +#endif #ifndef OPENSSL_NO_DH DH_free(s->s3->tmp.dh); + DH_free(s->s3->peer_dh_tmp); #endif #ifndef OPENSSL_NO_EC EC_KEY_free(s->s3->tmp.ecdh); + EC_KEY_free(s->s3->peer_ecdh_tmp); #endif sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); @@ -2929,13 +2935,22 @@ void ssl3_clear(SSL *s) OPENSSL_free(s->s3->tmp.peer_sigalgs); s->s3->tmp.peer_sigalgs = NULL; +#ifndef OPENSSL_NO_RSA + RSA_free(s->s3->peer_rsa_tmp); + s->s3->peer_rsa_tmp = NULL; +#endif + #ifndef OPENSSL_NO_DH DH_free(s->s3->tmp.dh); s->s3->tmp.dh = NULL; + DH_free(s->s3->peer_dh_tmp); + s->s3->peer_dh_tmp = NULL; #endif #ifndef OPENSSL_NO_EC EC_KEY_free(s->s3->tmp.ecdh); s->s3->tmp.ecdh = NULL; + EC_KEY_free(s->s3->peer_ecdh_tmp); + s->s3->peer_ecdh_tmp = NULL; s->s3->is_probably_safari = 0; #endif /* !OPENSSL_NO_EC */ @@ -3330,28 +3345,26 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (s->server || !s->session || !s->session->sess_cert) return 0; else { - SESS_CERT *sc; EVP_PKEY *ptmp; int rv = 0; - sc = s->session->sess_cert; #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) - if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp) + if (!s->s3->peer_rsa_tmp && !s->s3->peer_dh_tmp && !s->s3->peer_ecdh_tmp) return 0; #endif ptmp = EVP_PKEY_new(); if (!ptmp) return 0; #ifndef OPENSSL_NO_RSA - else if (sc->peer_rsa_tmp) - rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp); + else if (s->s3->peer_rsa_tmp) + rv = EVP_PKEY_set1_RSA(ptmp, s->s3->peer_rsa_tmp); #endif #ifndef OPENSSL_NO_DH - else if (sc->peer_dh_tmp) - rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp); + else if (s->s3->peer_dh_tmp) + rv = EVP_PKEY_set1_DH(ptmp, s->s3->peer_dh_tmp); #endif #ifndef OPENSSL_NO_EC - else if (sc->peer_ecdh_tmp) - rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp); + else if (s->s3->peer_ecdh_tmp) + rv = EVP_PKEY_set1_EC_KEY(ptmp, s->s3->peer_ecdh_tmp); #endif if (rv) { *(EVP_PKEY **)parg = ptmp; |