mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-05 18:40:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #8068 from paul-elliott-arm/fix_tls_zeroization

Browse Source 
Fix TLS pad buffer zeroization
This commit is contained in:
Dave Rodgman 2023-09-01 23:35:23 +00:00 committed by GitHub
commit 16a76721b6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog.d/fix-tls-padbuf-zeroization Normal file
View File

@ -0,0 +1,4 @@
Security
* Fix a case where potentially sensitive information held in memory would not
be completely zeroized during TLS 1.2 handshake, in both server and client
configurations.

2
library/ssl_tls.c
View File

@ -7722,7 +7722,7 @@ static int ssl_calc_finished_tls_generic(mbedtls_ssl_context *ssl, void *ctx,
MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len); MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len);
mbedtls_platform_zeroize(padbuf, sizeof(padbuf)); mbedtls_platform_zeroize(padbuf, hlen);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished")); MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));