Move peer_supported_group_list to SSL_HANDSHAKE. Now not only the pointers but also the list itself is released after the handshake completes. Change-Id: I8b568147d2d4949b3b0efe58a93905f77a5a4481 Reviewed-on: https://boringssl-review.googlesource.com/11528 Reviewed-by: Adam Langley <agl@google.com>

commit: 43612b6bc742dc4ac242b8e5a10a9f34da29d7d5 [log] [tgz]
author: David Benjamin <davidben@google.com> Fri Oct 07 00:41:50 2016 -0400
committer: Adam Langley <agl@google.com> Sun Oct 09 17:20:33 2016 +0000
tree: 4341fa9c810640095e0491dbd7176dbdae9ced30
parent: f04976ba254a909e8f94ffdf2e18ad50a0580560 [diff]
diff --git a/ssl/internal.h b/ssl/internal.h
index 1efc486..591e6ab 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h

@@ -943,6 +943,12 @@
   /* num_peer_sigalgs is the number of entries in |peer_sigalgs|. */
   size_t num_peer_sigalgs;
 
+  /* peer_supported_group_list contains the supported group IDs advertised by
+   * the peer. This is only set on the server's end. The server does not
+   * advertise this extension to the client. */
+  uint16_t *peer_supported_group_list;
+  size_t peer_supported_group_list_len;
+
   /* session_tickets_sent, in TLS 1.3, is the number of tickets the server has
    * sent. */
   uint8_t session_tickets_sent;

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 5092a3b..3ed3793 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c

@@ -153,6 +153,7 @@
   OPENSSL_free(hs->key_share_bytes);
   OPENSSL_free(hs->public_key);
   OPENSSL_free(hs->peer_sigalgs);
+  OPENSSL_free(hs->peer_supported_group_list);
   OPENSSL_free(hs->peer_psk_identity_hint);
   sk_X509_NAME_pop_free(hs->ca_names, X509_NAME_free);
   OPENSSL_free(hs->certificate_types);

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 472c9cb..1515f94 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c

@@ -207,7 +207,6 @@
   OPENSSL_free(ssl->s3->tmp.peer_key);
   OPENSSL_free(ssl->s3->tmp.server_params);
 
-  OPENSSL_free(ssl->s3->tmp.peer_supported_group_list);
   SSL_SESSION_free(ssl->s3->new_session);
   SSL_SESSION_free(ssl->s3->established_session);
   ssl3_free_handshake_buffer(ssl);

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index a134c3f..06595d2 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -341,11 +341,11 @@
   if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
     pref = groups;
     pref_len = groups_len;
-    supp = ssl->s3->tmp.peer_supported_group_list;
-    supp_len = ssl->s3->tmp.peer_supported_group_list_len;
+    supp = ssl->s3->hs->peer_supported_group_list;
+    supp_len = ssl->s3->hs->peer_supported_group_list_len;
   } else {
-    pref = ssl->s3->tmp.peer_supported_group_list;
-    pref_len = ssl->s3->tmp.peer_supported_group_list_len;
+    pref = ssl->s3->hs->peer_supported_group_list;
+    pref_len = ssl->s3->hs->peer_supported_group_list_len;
     supp = groups;
     supp_len = groups_len;
   }
@@ -2259,12 +2259,6 @@
  * https://tools.ietf.org/html/rfc4492#section-5.1.2
  * https://tools.ietf.org/html/draft-ietf-tls-tls13-12#section-6.3.2.2 */
 
-static void ext_supported_groups_init(SSL *ssl) {
-  OPENSSL_free(ssl->s3->tmp.peer_supported_group_list);
-  ssl->s3->tmp.peer_supported_group_list = NULL;
-  ssl->s3->tmp.peer_supported_group_list_len = 0;
-}
-
 static int ext_supported_groups_add_clienthello(SSL *ssl, CBB *out) {
   if (!ssl_any_ec_cipher_suites_enabled(ssl)) {
     return 1;
@@ -2318,9 +2312,9 @@
     return 0;
   }
 
-  ssl->s3->tmp.peer_supported_group_list = OPENSSL_malloc(
+  ssl->s3->hs->peer_supported_group_list = OPENSSL_malloc(
       CBS_len(&supported_group_list));
-  if (ssl->s3->tmp.peer_supported_group_list == NULL) {
+  if (ssl->s3->hs->peer_supported_group_list == NULL) {
     *out_alert = SSL_AD_INTERNAL_ERROR;
     return 0;
   }
@@ -2328,19 +2322,19 @@
   const size_t num_groups = CBS_len(&supported_group_list) / 2;
   for (size_t i = 0; i < num_groups; i++) {
     if (!CBS_get_u16(&supported_group_list,
-                     &ssl->s3->tmp.peer_supported_group_list[i])) {
+                     &ssl->s3->hs->peer_supported_group_list[i])) {
       goto err;
     }
   }
 
   assert(CBS_len(&supported_group_list) == 0);
-  ssl->s3->tmp.peer_supported_group_list_len = num_groups;
+  ssl->s3->hs->peer_supported_group_list_len = num_groups;
 
   return 1;
 
 err:
-  OPENSSL_free(ssl->s3->tmp.peer_supported_group_list);
-  ssl->s3->tmp.peer_supported_group_list = NULL;
+  OPENSSL_free(ssl->s3->hs->peer_supported_group_list);
+  ssl->s3->hs->peer_supported_group_list = NULL;
   *out_alert = SSL_AD_INTERNAL_ERROR;
   return 0;
 }
@@ -2479,7 +2473,7 @@
    * https://crbug.com/363583. */
   {
     TLSEXT_TYPE_supported_groups,
-    ext_supported_groups_init,
+    NULL,
     ext_supported_groups_add_clienthello,
     ext_supported_groups_parse_serverhello,
     ext_supported_groups_parse_clienthello,
commit	43612b6bc742dc4ac242b8e5a10a9f34da29d7d5	[log] [tgz]
author	David Benjamin <davidben@google.com>	Fri Oct 07 00:41:50 2016 -0400
committer	Adam Langley <agl@google.com>	Sun Oct 09 17:20:33 2016 +0000
tree	4341fa9c810640095e0491dbd7176dbdae9ced30
parent	f04976ba254a909e8f94ffdf2e18ad50a0580560 [diff]