Release TLS 1.3 key shares earlier in TLS 1.2.
This isn't hugely important since the hs object will actually be
released at the end of the handshake, but no sense in holding on to them
longer than needed.
Also release |public_key| when we no longer need it and document what
the fields mean.
Change-Id: If677cb4a915c75405dabe7135205630527afd8bc
Reviewed-on: https://boringssl-review.googlesource.com/10360
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/tls13_client.c b/ssl/tls13_client.c
index 20f4bcd..09c013e 100644
--- a/ssl/tls13_client.c
+++ b/ssl/tls13_client.c
@@ -677,3 +677,11 @@
SSL_SESSION_free(session);
return 1;
}
+
+void ssl_clear_tls13_state(SSL *ssl) {
+ ssl_handshake_clear_groups(ssl->s3->hs);
+
+ OPENSSL_free(ssl->s3->hs->key_share_bytes);
+ ssl->s3->hs->key_share_bytes = NULL;
+ ssl->s3->hs->key_share_bytes_len = 0;
+}
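Review bot: ssl_clear_tls13_state reads ssl->s3->hs on every line of its body without checking it, and the commit message itself notes that the hs object is released at the end of the handshake, so a call made after that point would go through a pointer that is no longer valid. Either return early when ssl->s3->hs is NULL or add a comment above the function stating that it may only be called while the handshake object is still live. The free, then NULL, then zero-length sequence for key_share_bytes is fine as written, since it keeps the pointer and its length consistent for any later reader.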