Add server side of versions, keyshare, and client and server of cookie

extensions for tls1.3.
versions is currently defanged to ignore its result until tls13 server
side wired in full, so that server side code still works today when
we only support tls 1.2
ok bcook@ tb@ jsing@

1 files changed, 5 insertions, 1 deletions

diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 36142f04152..6e4e8eb1d30 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.181 2019/01/24 01:50:41 beck Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.182 2019/01/24 02:56:41 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1569,6 +1569,7 @@ ssl3_free(SSL *s)
 	freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH);
 	freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH);
 	freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH);
+	freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len);
 
 	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
 
@@ -1605,6 +1606,9 @@ ssl3_clear(SSL *s)
 	freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH);
 	freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH);
 	freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH);
+	freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len);
+	S3I(s)->hs_tls13.cookie = NULL;
+	S3I(s)->hs_tls13.cookie_len = 0;
 
 	S3I(s)->hs.extensions_seen = 0;