Implement the Opaque PRF Input TLS extension

(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and bugfixes on the way. In particular, this fixes the buffer bounds checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext(). Note that the opaque PRF Input TLS extension is not compiled by default; see CHANGES.
2007-09-21 06:54:24 +00:00
parent 54ef01b54b
commit 761772d7e1
16 changed files with 544 additions and 89 deletions
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -542,6 +542,7 @@ void SSL_free(SSL *s)
 	if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist);
 	if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist);
 #endif /* OPENSSL_NO_EC */
+	if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input);
 #endif

 	if (s->client_CA != NULL)