From 60497c21aeb56e3c73351ebf6849438e543c19b8 Mon Sep 17 00:00:00 2001
From: jsing
Date: Sun, 16 May 2021 15:21:10 +0000
Subject: [PATCH] Zero the tls12_record_protection struct instead of individual fields.

In tls12_record_protection_clear(), rather than zeroing or NULLing individual fields once a pointer has been freed, zero the entire struct once the pointers have been dealt with.

ok tb@
---
 lib/libssl/tls12_record_layer.c | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/lib/libssl/tls12_record_layer.c b/lib/libssl/tls12_record_layer.c
index 652ca873a6a..82a14f7147f 100644
--- a/lib/libssl/tls12_record_layer.c
+++ b/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.28 2021/05/05 19:52:00 jsing Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.29 2021/05/16 15:21:10 jsing Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing
 *
@@ -48,23 +48,17 @@ tls12_record_protection_new(void)
 static void
 tls12_record_protection_clear(struct tls12_record_protection *rp)
 {
- memset(rp->seq_num, 0, sizeof(rp->seq_num));
-
 if (rp->aead_ctx != NULL) {
 EVP_AEAD_CTX_cleanup(&rp->aead_ctx->ctx);
 freezero(rp->aead_ctx, sizeof(*rp->aead_ctx));
- rp->aead_ctx = NULL;
 }
 
 EVP_CIPHER_CTX_free(rp->cipher_ctx);
- rp->cipher_ctx = NULL;
-
 EVP_MD_CTX_free(rp->hash_ctx);
- rp->hash_ctx = NULL;
 
 freezero(rp->mac_key, rp->mac_key_len);
- rp->mac_key = NULL;
- rp->mac_key_len = 0;
+
+ memset(rp, 0, sizeof(*rp));
 }
 
 static void
--
2.20.1
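Review bot: The closing `memset(rp, 0, sizeof(*rp));` in tls12_record_protection_clear() now depends on every owned pointer having been released above it, and nothing in the function says so; a pointer field added to struct tls12_record_protection later without a matching free here would be zeroed and leaked silently, where the old per-field resets left it visibly untouched. I would put a comment directly above the memset, for example `/* Every owned pointer must be freed above; this drops all remaining references and state. */`. The struct definition is outside this hunk, so whether the four releases shown cover all owned fields cannot be confirmed from here. The memset also relies on an all-zero-bits pointer being NULL, which the removed `= NULL` assignments did not; that presumably holds on every supported platform but is worth a word in the same comment.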