commit 998f2e092e6b2a2f609254db2fef5b688f5dd6d3
author Kazuho Oku <kazuhooku@gmail.com> Thu Sep 15 13:10:26 2022 +0900
committer Kazuho Oku <kazuhooku@gmail.com> Thu Sep 15 13:10:26 2022 +0900
tree 47673d6cc974d561c2deaa3a56153eac9ed6a247
parent 644489f9e209746737c1a1b313627af167d8e4f6

clear GHASH vectors before calling `free`

lib/fusion.c

diff --git a/lib/fusion.c b/lib/fusion.c
index f64df29..c3ef8a8 100644
--- a/lib/fusion.c
+++ b/lib/fusion.c
@@ -1018,11 +1018,14 @@
     if (new_ghash_cnt <= ctx->ghash_cnt)
         return ctx;
 
-    size_t new_ctx_size = calc_aesgcm_context_size(&new_ghash_cnt, ctx->ecb.aesni256);
+    size_t new_ctx_size = calc_aesgcm_context_size(&new_ghash_cnt, ctx->ecb.aesni256),
+           old_ctx_size = calc_aesgcm_context_size(&ctx->ghash_cnt, ctx->ecb.aesni256);
+
     ptls_fusion_aesgcm_context_t *newp;
     if ((newp = aligned_alloc(32, new_ctx_size)) == NULL)
         return NULL;
-    memcpy(newp, ctx, calc_aesgcm_context_size(&ctx->ghash_cnt, ctx->ecb.aesni256));
+    memcpy(newp, ctx, old_ctx_size);
+    ptls_clear_memory(ctx, old_ctx_size);
     free(ctx);
     ctx = newp;