Loading apps/s_server.c +4 −0 Original line number Diff line number Diff line Loading @@ -553,6 +553,10 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx, err: ret = SSL_TLSEXT_ERR_ALERT_FATAL; done: /* * If we parsed aia we need to free; otherwise they were copied and we * don't */ if (aia != NULL) { OPENSSL_free(host); OPENSSL_free(path); Loading ssl/statem/statem_clnt.c +2 −3 Original line number Diff line number Diff line Loading @@ -2190,9 +2190,8 @@ MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt) /* * Perform miscellaneous checks and processing after we have received the * server's initial flight. In TLS1.3 this is after the Server Finished message. * In <=TLS1.2 this is after the ServerDone message. * * Returns 1 on success or 0 on failure. * In <=TLS1.2 this is after the ServerDone message. Returns 1 on success or 0 * on failure. */ int tls_process_initial_server_flight(SSL *s, int *al) { Loading ssl/tls13_enc.c +3 −5 Original line number Diff line number Diff line Loading @@ -293,6 +293,7 @@ int tls13_change_cipher_state(SSL *s, int which) size_t ivlen, keylen, finsecretlen; const unsigned char *label; size_t labellen; int ret = 0; if (which & SSL3_CC_READ) { if (s->enc_read_ctx != NULL) { Loading Loading @@ -427,14 +428,11 @@ int tls13_change_cipher_state(SSL *s, int which) } #endif OPENSSL_cleanse(secret, sizeof(secret)); OPENSSL_cleanse(key, sizeof(key)); OPENSSL_cleanse(iv, sizeof(iv)); return 1; ret = 1; err: OPENSSL_cleanse(secret, sizeof(secret)); OPENSSL_cleanse(key, sizeof(key)); OPENSSL_cleanse(iv, sizeof(iv)); return 0; return ret; } test/clienthellotest.c +1 −4 Original line number Diff line number Diff line Loading @@ -57,10 +57,7 @@ int main(int argc, char *argv[]) testresult = 0; ctx = SSL_CTX_new(TLS_method()); /* * This test is testing session tickets for <= TLS1.2. It isn't relevant * for TLS1.3 */ /* Testing for session tickets <= TLS1.2; not relevant for 1.3 */ if (ctx == NULL || !SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)) goto end; Loading Loading
apps/s_server.c +4 −0 Original line number Diff line number Diff line Loading @@ -553,6 +553,10 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx, err: ret = SSL_TLSEXT_ERR_ALERT_FATAL; done: /* * If we parsed aia we need to free; otherwise they were copied and we * don't */ if (aia != NULL) { OPENSSL_free(host); OPENSSL_free(path); Loading
ssl/statem/statem_clnt.c +2 −3 Original line number Diff line number Diff line Loading @@ -2190,9 +2190,8 @@ MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt) /* * Perform miscellaneous checks and processing after we have received the * server's initial flight. In TLS1.3 this is after the Server Finished message. * In <=TLS1.2 this is after the ServerDone message. * * Returns 1 on success or 0 on failure. * In <=TLS1.2 this is after the ServerDone message. Returns 1 on success or 0 * on failure. */ int tls_process_initial_server_flight(SSL *s, int *al) { Loading
ssl/tls13_enc.c +3 −5 Original line number Diff line number Diff line Loading @@ -293,6 +293,7 @@ int tls13_change_cipher_state(SSL *s, int which) size_t ivlen, keylen, finsecretlen; const unsigned char *label; size_t labellen; int ret = 0; if (which & SSL3_CC_READ) { if (s->enc_read_ctx != NULL) { Loading Loading @@ -427,14 +428,11 @@ int tls13_change_cipher_state(SSL *s, int which) } #endif OPENSSL_cleanse(secret, sizeof(secret)); OPENSSL_cleanse(key, sizeof(key)); OPENSSL_cleanse(iv, sizeof(iv)); return 1; ret = 1; err: OPENSSL_cleanse(secret, sizeof(secret)); OPENSSL_cleanse(key, sizeof(key)); OPENSSL_cleanse(iv, sizeof(iv)); return 0; return ret; }
test/clienthellotest.c +1 −4 Original line number Diff line number Diff line Loading @@ -57,10 +57,7 @@ int main(int argc, char *argv[]) testresult = 0; ctx = SSL_CTX_new(TLS_method()); /* * This test is testing session tickets for <= TLS1.2. It isn't relevant * for TLS1.3 */ /* Testing for session tickets <= TLS1.2; not relevant for 1.3 */ if (ctx == NULL || !SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)) goto end; Loading
Rich Salz <rsalz@openssl.org>Rich Salz <rsalz@openssl.org>