Merge pull request #5256 from yuhaoth/pr/clean-up-secrets-after-done

TLS1.3 MVP: Erase secrets when they are not necessary anymore.
This commit is contained in:
Manuel Pégourié-Gonnard 2021-12-10 12:48:25 +01:00 committed by GitHub
commit 4525cce691
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 28 additions and 10 deletions

View File

@ -1063,7 +1063,7 @@ static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl )
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "calculate_verify_data failed", ret );
MBEDTLS_SSL_DEBUG_RET( 1, "calculate_verify_data failed", ret );
return( ret );
}

View File

@ -654,7 +654,10 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
size_t transcript_len;
unsigned char const *base_key = NULL;
unsigned char *base_key = NULL;
size_t base_key_len = 0;
mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets =
&ssl->handshake->tls13_hs_secrets;
mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
const mbedtls_md_info_t* const md_info =
@ -663,8 +666,22 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_calculate_verify_data" ) );
if( from == MBEDTLS_SSL_IS_CLIENT )
{
base_key = tls13_hs_secrets->client_handshake_traffic_secret;
base_key_len = sizeof( tls13_hs_secrets->client_handshake_traffic_secret );
}
else
{
base_key = tls13_hs_secrets->server_handshake_traffic_secret;
base_key_len = sizeof( tls13_hs_secrets->server_handshake_traffic_secret );
}
if( dst_len < md_size )
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
{
ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
goto exit;
}
ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
transcript, sizeof( transcript ),
@ -676,11 +693,6 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
}
MBEDTLS_SSL_DEBUG_BUF( 4, "handshake hash", transcript, transcript_len );
if( from == MBEDTLS_SSL_IS_CLIENT )
base_key = ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret;
else
base_key = ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret;
ret = ssl_tls13_calc_finished_core( md_type, base_key, transcript, dst );
if( ret != 0 )
goto exit;
@ -690,7 +702,8 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_calculate_verify_data" ) );
exit:
/* Erase handshake secrets */
mbedtls_platform_zeroize( base_key, base_key_len );
mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
return( ret );
}
@ -1164,6 +1177,9 @@ int mbedtls_ssl_tls13_generate_application_keys(
handshake->tls13_master_secrets.app,
transcript, transcript_len,
app_secrets );
/* Erase master secrets */
mbedtls_platform_zeroize( &ssl->handshake->tls13_master_secrets,
sizeof( ssl->handshake->tls13_master_secrets ) );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
@ -1225,7 +1241,9 @@ int mbedtls_ssl_tls13_generate_application_keys(
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive application traffic keys" ) );
cleanup:
/* randbytes is not used again */
mbedtls_platform_zeroize( ssl->handshake->randbytes,
sizeof( ssl->handshake->randbytes ) );
mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
return( ret );
}