Reset rather than nil out Authenticator

For reuse in control channel.
2020-02-29 19:11:15 +01:00 · 2020-02-29 19:11:15 +01:00 · f6d915e6dd
parent a7aa78141e
commit f6d915e6dd
2 changed files with 14 additions and 3 deletions
--- a/TunnelKit/Sources/Protocols/OpenVPN/Authenticator.swift
+++ b/TunnelKit/Sources/Protocols/OpenVPN/Authenticator.swift
@ -62,9 +62,9 @@ extension OpenVPN {

        private(set) var serverRandom2: ZeroingData?

-        let username: ZeroingData?
+        private(set) var username: ZeroingData?
        
-        let password: ZeroingData?
+        private(set) var password: ZeroingData?
        
        var withLocalOptions: Bool
        
@ -87,6 +87,17 @@ extension OpenVPN {
            controlBuffer = Z()
        }
        
+        func reset() {
+            controlBuffer.zero()
+            preMaster.zero()
+            random1.zero()
+            random2.zero()
+            serverRandom1?.zero()
+            serverRandom2?.zero()
+            username = nil
+            password = nil
+        }
+        
        // MARK: Authentication request

        // Ruby: on_tls_connect
--- a/TunnelKit/Sources/Protocols/OpenVPN/OpenVPNSession.swift
+++ b/TunnelKit/Sources/Protocols/OpenVPN/OpenVPNSession.swift
@ -745,7 +745,7 @@ public class OpenVPNSession: Session {
    
    private func completeConnection() {
        setupEncryption()
-        authenticator = nil
+        authenticator?.reset()
        negotiationKey.controlState = .connected
        connectedDate = Date()
        transitionKeys()