Move key_block into SSL_HANDSHAKE.
This is already manually released at the end of the handshake. With this
change, it can happen implicitly, and SSL3_STATE shrinks further by
another pointer.
Change-Id: I94b9f2e4df55e8f2aa0b3a8799baa3b9a34d7ac1
Reviewed-on: https://boringssl-review.googlesource.com/12121
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 1a0cbbf..311e9fd 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -507,8 +507,6 @@
break;
case SSL_ST_OK:
- /* Clean a few things up. */
- ssl3_cleanup_key_block(ssl);
ssl->method->release_current_message(ssl, 1 /* free_buffer */);
SSL_SESSION_free(ssl->s3->established_session);
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index 285bd84..117be78 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -476,8 +476,6 @@
break;
case SSL_ST_OK:
- /* Clean a few things up. */
- ssl3_cleanup_key_block(ssl);
ssl->method->release_current_message(ssl, 1 /* free_buffer */);
/* If we aren't retaining peer certificates then we can discard it
diff --git a/ssl/internal.h b/ssl/internal.h
index a054bbf..7badc5b 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1003,6 +1003,10 @@
* received in a CertificateRequest message. */
uint8_t *certificate_types;
size_t num_certificate_types;
+
+ /* key_block is the record-layer key block for TLS 1.2 and earlier. */
+ uint8_t *key_block;
+ uint8_t key_block_len;
} SSL_HANDSHAKE;
SSL_HANDSHAKE *ssl_handshake_new(enum ssl_hs_wait_t (*do_handshake)(SSL *ssl));
@@ -1435,9 +1439,6 @@
int reuse_message;
- uint8_t *key_block;
- uint8_t key_block_length;
-
uint8_t new_mac_secret_len;
uint8_t new_key_len;
uint8_t new_fixed_iv_len;
@@ -1681,7 +1682,6 @@
int ssl3_get_finished(SSL *ssl);
int ssl3_send_change_cipher_spec(SSL *ssl);
-void ssl3_cleanup_key_block(SSL *ssl);
int ssl3_send_alert(SSL *ssl, int level, int desc);
int ssl3_get_message(SSL *ssl, int msg_type,
enum ssl_hash_message_t hash_message);
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 1e7e4e1..11aeed0 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -163,6 +163,12 @@
OPENSSL_free(hs->peer_psk_identity_hint);
sk_X509_NAME_pop_free(hs->ca_names, X509_NAME_free);
OPENSSL_free(hs->certificate_types);
+
+ if (hs->key_block != NULL) {
+ OPENSSL_cleanse(hs->key_block, hs->key_block_len);
+ OPENSSL_free(hs->key_block);
+ }
+
OPENSSL_free(hs);
}
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 2209e80..7cdc294 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -209,15 +209,6 @@
return 1;
}
-void ssl3_cleanup_key_block(SSL *ssl) {
- if (ssl->s3->tmp.key_block != NULL) {
- OPENSSL_cleanse(ssl->s3->tmp.key_block, ssl->s3->tmp.key_block_length);
- OPENSSL_free(ssl->s3->tmp.key_block);
- ssl->s3->tmp.key_block = NULL;
- }
- ssl->s3->tmp.key_block_length = 0;
-}
-
int ssl3_init_handshake_buffer(SSL *ssl) {
ssl3_free_handshake_buffer(ssl);
ssl3_free_handshake_hash(ssl);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index f119523..9cc0d9d 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -200,7 +200,6 @@
return;
}
- ssl3_cleanup_key_block(ssl);
ssl_read_buffer_clear(ssl);
ssl_write_buffer_clear(ssl);
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 4bd31b9..bf5c069 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -276,10 +276,9 @@
size_t mac_secret_len = ssl->s3->tmp.new_mac_secret_len;
size_t key_len = ssl->s3->tmp.new_key_len;
size_t iv_len = ssl->s3->tmp.new_fixed_iv_len;
- assert((mac_secret_len + key_len + iv_len) * 2 ==
- ssl->s3->tmp.key_block_length);
+ assert((mac_secret_len + key_len + iv_len) * 2 == ssl->s3->hs->key_block_len);
- const uint8_t *key_data = ssl->s3->tmp.key_block;
+ const uint8_t *key_data = ssl->s3->hs->key_block;
const uint8_t *client_write_mac_secret = key_data;
key_data += mac_secret_len;
const uint8_t *server_write_mac_secret = key_data;
@@ -334,7 +333,7 @@
}
int tls1_setup_key_block(SSL *ssl) {
- if (ssl->s3->tmp.key_block_length != 0) {
+ if (ssl->s3->hs->key_block_len != 0) {
return 1;
}
@@ -373,8 +372,6 @@
size_t key_block_len = SSL_get_key_block_len(ssl);
- ssl3_cleanup_key_block(ssl);
-
uint8_t *keyblock = OPENSSL_malloc(key_block_len);
if (keyblock == NULL) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
@@ -387,8 +384,8 @@
}
assert(key_block_len < 256);
- ssl->s3->tmp.key_block_length = (uint8_t)key_block_len;
- ssl->s3->tmp.key_block = keyblock;
+ ssl->s3->hs->key_block_len = (uint8_t)key_block_len;
+ ssl->s3->hs->key_block = keyblock;
return 1;
}
