mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-28 08:37:25 +00:00
Merge pull request #5256 from yuhaoth/pr/clean-up-secrets-after-done
TLS1.3 MVP: Erase secrets when they are not necessary anymore.
This commit is contained in:
commit
4525cce691
@ -1063,7 +1063,7 @@ static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl )
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "calculate_verify_data failed", ret );
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "calculate_verify_data failed", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
@ -654,7 +654,10 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
|
||||
unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
|
||||
size_t transcript_len;
|
||||
|
||||
unsigned char const *base_key = NULL;
|
||||
unsigned char *base_key = NULL;
|
||||
size_t base_key_len = 0;
|
||||
mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets =
|
||||
&ssl->handshake->tls13_hs_secrets;
|
||||
|
||||
mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
|
||||
const mbedtls_md_info_t* const md_info =
|
||||
@ -663,8 +666,22 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_calculate_verify_data" ) );
|
||||
|
||||
if( from == MBEDTLS_SSL_IS_CLIENT )
|
||||
{
|
||||
base_key = tls13_hs_secrets->client_handshake_traffic_secret;
|
||||
base_key_len = sizeof( tls13_hs_secrets->client_handshake_traffic_secret );
|
||||
}
|
||||
else
|
||||
{
|
||||
base_key = tls13_hs_secrets->server_handshake_traffic_secret;
|
||||
base_key_len = sizeof( tls13_hs_secrets->server_handshake_traffic_secret );
|
||||
}
|
||||
|
||||
if( dst_len < md_size )
|
||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||
{
|
||||
ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
|
||||
transcript, sizeof( transcript ),
|
||||
@ -676,11 +693,6 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
|
||||
}
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "handshake hash", transcript, transcript_len );
|
||||
|
||||
if( from == MBEDTLS_SSL_IS_CLIENT )
|
||||
base_key = ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret;
|
||||
else
|
||||
base_key = ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret;
|
||||
|
||||
ret = ssl_tls13_calc_finished_core( md_type, base_key, transcript, dst );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
@ -690,7 +702,8 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_calculate_verify_data" ) );
|
||||
|
||||
exit:
|
||||
|
||||
/* Erase handshake secrets */
|
||||
mbedtls_platform_zeroize( base_key, base_key_len );
|
||||
mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
|
||||
return( ret );
|
||||
}
|
||||
@ -1164,6 +1177,9 @@ int mbedtls_ssl_tls13_generate_application_keys(
|
||||
handshake->tls13_master_secrets.app,
|
||||
transcript, transcript_len,
|
||||
app_secrets );
|
||||
/* Erase master secrets */
|
||||
mbedtls_platform_zeroize( &ssl->handshake->tls13_master_secrets,
|
||||
sizeof( ssl->handshake->tls13_master_secrets ) );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1,
|
||||
@ -1225,7 +1241,9 @@ int mbedtls_ssl_tls13_generate_application_keys(
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive application traffic keys" ) );
|
||||
|
||||
cleanup:
|
||||
|
||||
/* randbytes is not used again */
|
||||
mbedtls_platform_zeroize( ssl->handshake->randbytes,
|
||||
sizeof( ssl->handshake->randbytes ) );
|
||||
mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
|
||||
return( ret );
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user