Google Git
Sign in
boringssl/boringssl.git/6c9758fa9a35b8996a82a0867127af41ca82bcb0^!/.
commit
6c9758fa9a35b8996a82a0867127af41ca82bcb0
[log]
author
David Benjamin <davidben@google.com>
Tue May 18 13:50:50 2021 -0400
committer
David Benjamin <davidben@google.com>
Wed Jun 09 22:30:49 2021 +0000
tree
b1a26fa458039ecee0937b9b8d341c95c29b7e1f
parent
4e93cd487f0a7f447d194621a59018a88d246379 [diff]
Release some temporaries outside of ClientHello callbacks.

Also add ECH GREASE state into the mix. Clearing this isn't critical,
especially now that we have an SSL_HANDSHAKE structure, but it's easy
enough.

Bug: 275
Change-Id: If1aa8d5c0c8fdb5af710852778ce452c507a2524
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47985
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index 07da255..aa015d4 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc

@@ -422,6 +422,12 @@
   return ssl_early_data_accepted;
 }
 
+void ssl_done_writing_client_hello(SSL_HANDSHAKE *hs) {
+  hs->ech_grease.Reset();
+  hs->cookie.Reset();
+  hs->key_share_bytes.Reset();
+}
+
 static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
   SSL *const ssl = hs->ssl;
 
@@ -666,7 +672,7 @@
   // Clear some TLS 1.3 state that no longer needs to be retained.
   hs->key_shares[0].reset();
   hs->key_shares[1].reset();
-  hs->key_share_bytes.Reset();
+  ssl_done_writing_client_hello(hs);
 
   // A TLS 1.2 server would not know to skip the early data we offered. Report
   // an error code sooner. The caller may use this error code to implement the

diff --git a/ssl/internal.h b/ssl/internal.h
index c5fb263..d6801df 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h

@@ -2135,6 +2135,10 @@
 // handshake. Note, in TLS 1.2 resumptions, this session is immutable.
 const SSL_SESSION *ssl_handshake_session(const SSL_HANDSHAKE *hs);
 
+// ssl_done_writing_client_hello is called after the last ClientHello is written
+// by |hs|. It releases some memory that is no longer needed.
+void ssl_done_writing_client_hello(SSL_HANDSHAKE *hs);
+
 
 // SSLKEYLOGFILE functions.
 

diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 0eec28a..da3400f 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc

@@ -2265,7 +2265,6 @@
                        hs->key_share_bytes.size())) {
       return false;
     }
-    hs->key_share_bytes.Reset();
     if (group_id == 0) {
       return CBB_flush(out);
     }
@@ -2480,8 +2479,6 @@
     return false;
   }
 
-  // The cookie is no longer needed in memory.
-  hs->cookie.Reset();
   return true;
 }
 

diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index 37ca4b2..c7f45f6 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc

@@ -260,6 +260,7 @@
     return ssl_hs_error;
   }
 
+  ssl_done_writing_client_hello(hs);
   hs->tls13_state = state_read_server_hello;
   return ssl_hs_flush;
 }