zeroize ssl->encrypt after transferring ownership to dup

This commit is contained in:
Ruby Martin
2026-03-25 12:27:23 -06:00
parent 75e6406cd3
commit 14695fb9cd
+3 -3
View File
@@ -906,6 +906,9 @@ static int DupSSL(WOLFSSL* dup, WOLFSSL* ssl)
XMEMCPY(&dup->version, &ssl->version, sizeof(ProtocolVersion));
XMEMCPY(&dup->chVersion, &ssl->chVersion, sizeof(ProtocolVersion));
/* dup side now owns encrypt/write ciphers */
XMEMSET(&ssl->encrypt, 0, sizeof(Ciphers));
#ifdef HAVE_ONE_TIME_AUTH
#ifdef HAVE_POLY1305
if (ssl->auth.setup && ssl->auth.poly1305 != NULL) {
@@ -918,9 +921,6 @@ static int DupSSL(WOLFSSL* dup, WOLFSSL* ssl)
#endif
#endif
/* dup side now owns encrypt/write ciphers */
XMEMSET(&ssl->encrypt, 0, sizeof(Ciphers));
#ifdef WOLFSSL_TLS13
if (IsAtLeastTLSv1_3(ssl->version)) {
/* Copy TLS 1.3 application traffic secrets so the write side can