From 745db226dbb3c020e8c76aa3bf2a28d69ded8a7a Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Thu, 2 Dec 2021 16:31:19 +0800
Subject: [PATCH 01/14] fix possible security leak for counter
Signed-off-by: Jerry Yu
---
 library/ssl_msg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 286294f828..4de851c7b6 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5332,14 +5332,14 @@ void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl,
 mbedtls_ssl_transform *transform )
 {
 ssl->transform_in = transform;
- memset( ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
+ mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
 }
 void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl,
 mbedtls_ssl_transform *transform )
 {
 ssl->transform_out = transform;
- memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
+ mbedtls_platform_zeroize( ssl->cur_out_ctr, sizeof( 	ssl->cur_out_ctr ) );
 }
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
From d103bdb01d125a81a0113b76fe597c1498bc8ad0 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Thu, 2 Dec 2021 16:32:13 +0800
Subject: [PATCH 02/14] Clean randbytes
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_generic.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 066147a5ea..fbdf69aeaa 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -965,6 +965,9 @@ static int ssl_tls13_postprocess_server_finished_message( mbedtls_ssl_context *s
 goto cleanup;
 }
+ /* randbytes is not used again */
+ mbedtls_platform_zeroize( ssl->handshake->randbytes,
+ sizeof( ssl->handshake->randbytes ) );
 transform_application = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
 if( transform_application == NULL )
From a986e9faac963b57c3ce1b238402d93db80554c0 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Thu, 2 Dec 2021 17:00:52 +0800
Subject: [PATCH 03/14] Clean handshake secrets
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_client.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 1874d4fde9..ff448de705 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1646,6 +1646,11 @@ static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl )
 */
 static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
 {
+ mbedtls_platform_zeroize( &ssl->handshake->tls1_3_master_secrets,
+ sizeof(ssl->handshake->tls1_3_master_secrets));
+ mbedtls_platform_zeroize( &ssl->handshake->tls13_hs_secrets,
+ sizeof(ssl->handshake->tls13_hs_secrets));
+
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to application keys for inbound traffic" ) );
 mbedtls_ssl_set_inbound_transform ( ssl, ssl->transform_application );
From bdfd01835ab57aa62fc59225c6babf4840a4a637 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 7 Dec 2021 10:27:28 +0800
Subject: [PATCH 04/14] fix compile break after merge
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_client.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index ff448de705..2e263844db 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1646,8 +1646,8 @@ static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl )
 */
 static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
 {
- mbedtls_platform_zeroize( &ssl->handshake->tls1_3_master_secrets,
- sizeof(ssl->handshake->tls1_3_master_secrets));
+ mbedtls_platform_zeroize( &ssl->handshake->tls13_master_secrets,
+ sizeof(ssl->handshake->tls13_master_secrets));
 mbedtls_platform_zeroize( &ssl->handshake->tls13_hs_secrets,
 sizeof(ssl->handshake->tls13_hs_secrets));
From 2c70a39d97d90a1cd6cff4092a408fa9f5478f6f Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Wed, 8 Dec 2021 13:28:49 +0800
Subject: [PATCH 05/14] move zeroize randbytes
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_generic.c | 3 ---
 library/ssl_tls13_keys.c | 4 +++-
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index fbdf69aeaa..066147a5ea 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -965,9 +965,6 @@ static int ssl_tls13_postprocess_server_finished_message( mbedtls_ssl_context *s
 goto cleanup;
 }
- /* randbytes is not used again */
- mbedtls_platform_zeroize( ssl->handshake->randbytes,
- sizeof( ssl->handshake->randbytes ) );
 transform_application = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
 if( transform_application == NULL )
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 45fb5ed193..45f3287355 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1225,7 +1225,9 @@ int mbedtls_ssl_tls13_generate_application_keys(
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive application traffic keys" ) );
 cleanup:
-
+ /* randbytes is not used again */
+ mbedtls_platform_zeroize( ssl->handshake->randbytes,
+ sizeof( ssl->handshake->randbytes ) );
 mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
 return( ret );
 }
From 23ab7a46a3c983e524ebe538320b84f0a67f2abb Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Wed, 8 Dec 2021 14:34:10 +0800
Subject: [PATCH 06/14] move zeroize master secrets
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_client.c | 3 +--
 library/ssl_tls13_keys.c | 3 +++
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 2e263844db..f219586927 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
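Review bot: The added comment `/* randbytes is not used again */` under `cleanup:` asserts an invariant that depends on every caller of this exported function, and the erase runs on every path through `cleanup:`, including the error returns taken before any key was derived. A caller that invokes `mbedtls_ssl_tls13_generate_application_keys` while the Hello randoms are still needed (a later server-side or resumption flow, for instance) would silently find `ssl->handshake->randbytes` all-zero with no diagnostic. Record the side effect where callers will see it, in the function's declaration comment outside this hunk, e.g. `\note Erases ssl->handshake->randbytes; this must be the last consumer of the ClientHello/ServerHello random values.`, and keep the inline comment as a pointer to that contract.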
@@ -1646,8 +1646,7 @@ static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl )
 */
 static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
 {
- mbedtls_platform_zeroize( &ssl->handshake->tls13_master_secrets,
- sizeof(ssl->handshake->tls13_master_secrets));
+
 mbedtls_platform_zeroize( &ssl->handshake->tls13_hs_secrets,
 sizeof(ssl->handshake->tls13_hs_secrets));
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 45f3287355..765b7fdb84 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1164,6 +1164,9 @@ int mbedtls_ssl_tls13_generate_application_keys(
 handshake->tls13_master_secrets.app,
 transcript, transcript_len,
 app_secrets );
+ /* Erase master secrets*/
+ mbedtls_platform_zeroize( &ssl->handshake->tls13_master_secrets,
+ sizeof(ssl->handshake->tls13_master_secrets));
 if( ret != 0 )
 {
 MBEDTLS_SSL_DEBUG_RET( 1,
From 7ca30547954e483816ff70db8fcec584d1738d5d Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Wed, 8 Dec 2021 15:57:57 +0800
Subject: [PATCH 07/14] move zerioize tls13_hs_secrets
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_client.c | 3 ---
 library/ssl_tls13_generic.c | 8 ++++++--
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index f219586927..88f240e650 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1647,9 +1647,6 @@ static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl )
 static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
 {
- mbedtls_platform_zeroize( &ssl->handshake->tls13_hs_secrets,
- sizeof(ssl->handshake->tls13_hs_secrets));
-
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to application keys for inbound traffic" ) );
 mbedtls_ssl_set_inbound_transform ( ssl, ssl->transform_application );
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 066147a5ea..49256ec220 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
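Review bot: Erasing `tls13_master_secrets` as soon as the application traffic secrets are derived discards the application master secret (`tls13_master_secrets.app`, passed to the derivation two lines above) while the TLS 1.3 key schedule still needs it: RFC 8446 §7.1 derives `resumption_master_secret` from that master secret over the transcript up to the client Finished, which is sent after this function returns. Any future ticket/resumption support will therefore have to move this erase back out (the handshake wrap-up where patch 03 placed it is the natural point), and a one-line comment saying so here, e.g. `/* Erase master secrets; must move later once resumption_master_secret is derived */`, would keep that from being re-learned. The three added lines also sit between the derivation call (its first line is outside the hunk) and its `if( ret != 0 )` check, separating a call from its error handling; placing them after the check keeps the two together.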
@@ -1060,10 +1060,14 @@ static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl )
 sizeof( ssl->handshake->state_local.finished_out.digest ),
 &ssl->handshake->state_local.finished_out.digest_len,
 ssl->conf->endpoint );
-
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ {
+ mbedtls_platform_zeroize( &ssl->handshake->tls13_hs_secrets,
+ sizeof(ssl->handshake->tls13_hs_secrets));
+ }
 if( ret != 0 )
 {
- MBEDTLS_SSL_DEBUG_RET( 1, "calculate_verify_data failed", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "calculate_verify_data failed", ret );
 return( ret );
 }
From 5132771f5ff571432bd8879b01fcf7288714950b Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Thu, 9 Dec 2021 10:54:22 +0800
Subject: [PATCH 08/14] Revert "fix possible security leak for counter"
This reverts commit 8aab77e11e2aebec09dc9d682b16373771471fe0.
Signed-off-by: Jerry Yu
---
 library/ssl_msg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 4de851c7b6..286294f828 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5332,14 +5332,14 @@ void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl,
 mbedtls_ssl_transform *transform )
 {
 ssl->transform_in = transform;
- mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
+ memset( ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
 }
 void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl,
 mbedtls_ssl_transform *transform )
 {
 ssl->transform_out = transform;
- mbedtls_platform_zeroize( ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) );
+ memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
 }
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
From 27224f58be7df8430f4826d6a4f8a4541dfdcc61 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Thu, 9 Dec 2021 10:56:50 +0800
Subject: [PATCH 09/14] fix coding style issue
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_generic.c | 2 +-
 library/ssl_tls13_keys.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
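Review bot: The `MBEDTLS_SSL_DEBUG_RET( 1, "calculate_verify_data failed", ret );` line is removed and re-added with no visible textual difference, so this hunk carries an indentation/whitespace-only change inside a commit that relocates secret erasure; keep such cleanups out of a security-relevant change or fold them into a style-only commit like patch 09. The new client-only block also runs before `if( ret != 0 )` is evaluated, so when the verify-data computation fails (its call begins above the hunk) the handshake traffic secrets are already erased before the error is reported; moving the block under the error check, or a comment stating that a failure here is fatal for the handshake, would make that intent explicit. `ssl_tls13_prepare_finished_message` continues outside the hunk.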
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 49256ec220..d15296f745 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1063,7 +1063,7 @@ static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl )
 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
 {
 mbedtls_platform_zeroize( &ssl->handshake->tls13_hs_secrets,
- sizeof(ssl->handshake->tls13_hs_secrets));
+ sizeof( ssl->handshake->tls13_hs_secrets ) );
 }
 if( ret != 0 )
 {
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 765b7fdb84..3306d62d17 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1166,7 +1166,7 @@ int mbedtls_ssl_tls13_generate_application_keys(
 app_secrets );
 /* Erase master secrets*/
 mbedtls_platform_zeroize( &ssl->handshake->tls13_master_secrets,
- sizeof(ssl->handshake->tls13_master_secrets));
+ sizeof( ssl->handshake->tls13_master_secrets ) );
 if( ret != 0 )
 {
 MBEDTLS_SSL_DEBUG_RET( 1,
From 4a2fa5d0aaa99ce906bcaee76deeb67273b4b691 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Fri, 10 Dec 2021 10:19:34 +0800
Subject: [PATCH 10/14] Move erase handshake secrets
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_client.c | 1 -
 library/ssl_tls13_generic.c | 6 +-----
 library/ssl_tls13_keys.c | 14 +++++++++++---
 3 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 88f240e650..1874d4fde9 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1646,7 +1646,6 @@ static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl )
 */
 static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
 {
-
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to application keys for inbound traffic" ) );
 mbedtls_ssl_set_inbound_transform ( ssl, ssl->transform_application );
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index d15296f745..4543d742b4 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1060,11 +1060,7 @@ static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl )
 sizeof( ssl->handshake->state_local.finished_out.digest ),
 &ssl->handshake->state_local.finished_out.digest_len,
 ssl->conf->endpoint );
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
- mbedtls_platform_zeroize( &ssl->handshake->tls13_hs_secrets,
- sizeof( ssl->handshake->tls13_hs_secrets ) );
- }
+
 if( ret != 0 )
 {
 MBEDTLS_SSL_DEBUG_RET( 1, "calculate_verify_data failed", ret );
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 3306d62d17..ea0c55bffb 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -654,7 +654,8 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
 unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
 size_t transcript_len;
- unsigned char const *base_key = NULL;
+ unsigned char *base_key = NULL;
+ size_t base_key_len;
 mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
 const mbedtls_md_info_t* const md_info =
@@ -677,9 +678,15 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
 MBEDTLS_SSL_DEBUG_BUF( 4, "handshake hash", transcript, transcript_len );
 if( from == MBEDTLS_SSL_IS_CLIENT )
+ {
 base_key = ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret;
+ base_key_len = sizeof( ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret );
+ }
 else
+ {
 base_key = ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret;
+ base_key_len = sizeof( ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret );
+ }
 ret = ssl_tls13_calc_finished_core( md_type, base_key, transcript, dst );
 if( ret != 0 )
@@ -690,7 +697,8 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_calculate_verify_data" ) );
 exit:
-
+ /* Erase handshake secrets */
+ mbedtls_platform_zeroize( base_key, base_key_len );
 mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
 return( ret );
 }
@@ -1164,7 +1172,7 @@ int mbedtls_ssl_tls13_generate_application_keys(
 handshake->tls13_master_secrets.app,
 transcript, transcript_len,
 app_secrets );
- /* Erase master secrets*/
+ /* Erase master secrets */
 mbedtls_platform_zeroize( &ssl->handshake->tls13_master_secrets,
 sizeof( ssl->handshake->tls13_master_secrets ) );
 if( ret != 0 )
From 889b3b76da4ca9471a4b73f3bf544909e85f15a4 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Fri, 10 Dec 2021 12:57:45 +0800
Subject: [PATCH 11/14] fix clang build fail
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_keys.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index ea0c55bffb..88f0fe57fb 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -655,7 +655,6 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
 size_t transcript_len;
 unsigned char *base_key = NULL;
- size_t base_key_len;
 mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
 const mbedtls_md_info_t* const md_info =
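Review bot: `exit:` now runs `mbedtls_platform_zeroize( base_key, base_key_len )` on paths where neither variable has been assigned: in the `-654` hunk `base_key` is initialised to NULL and `size_t base_key_len;` is left indeterminate, and both are only set in the `-677` hunk after the transcript has been fetched, so if the failure branch of `mbedtls_ssl_get_handshake_transcript` (outside these hunks) jumps to `exit:` the way the `if( ret != 0 ) goto exit;` visible in patch 13's context does, the erase dereferences a null pointer with an uninitialised length. Patch 11 replaces the length with `sizeof` but keeps the NULL pointer, and patch 12 adds a second early `goto exit` for the `dst_len < md_size` check with the same effect; only patch 13 moves the assignment above the first jump. To keep each commit of the series buildable and correct on its own, move the assignment here (as patch 13 does) or guard the erase, `if( base_key != NULL ) mbedtls_platform_zeroize( base_key, base_key_len );`.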
@@ -678,15 +677,9 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
 MBEDTLS_SSL_DEBUG_BUF( 4, "handshake hash", transcript, transcript_len );
 if( from == MBEDTLS_SSL_IS_CLIENT )
- {
 base_key = ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret;
- base_key_len = sizeof( ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret );
- }
 else
- {
 base_key = ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret;
- base_key_len = sizeof( ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret );
- }
 ret = ssl_tls13_calc_finished_core( md_type, base_key, transcript, dst );
 if( ret != 0 )
@@ -698,7 +691,10 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
 exit:
 /* Erase handshake secrets */
- mbedtls_platform_zeroize( base_key, base_key_len );
+ if( from == MBEDTLS_SSL_IS_CLIENT )
+ mbedtls_platform_zeroize( base_key, sizeof( ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret ) );
+ else
+ mbedtls_platform_zeroize( base_key, sizeof( ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret ) );
 mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
 return( ret );
 }
From 9c07473ebccc34c4d0c52e154b1bf3d1e111dae3 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Fri, 10 Dec 2021 17:12:43 +0800
Subject: [PATCH 12/14] fix various issues
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_keys.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 88f0fe57fb..6b8f8e146e 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -655,6 +655,8 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
 size_t transcript_len;
 unsigned char *base_key = NULL;
+ mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets =
+ &ssl->handshake->tls13_hs_secrets;
 mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
 const mbedtls_md_info_t* const md_info =
@@ -664,7 +666,10 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_calculate_verify_data" ) );
 if( dst_len < md_size )
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ {
+ ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
+ goto exit;
+ }
 ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
 transcript, sizeof( transcript ),
@@ -677,9 +682,9 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
 MBEDTLS_SSL_DEBUG_BUF( 4, "handshake hash", transcript, transcript_len );
 if( from == MBEDTLS_SSL_IS_CLIENT )
- base_key = ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret;
+ base_key = tls13_hs_secrets->client_handshake_traffic_secret;
 else
- base_key = ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret;
+ base_key = tls13_hs_secrets->server_handshake_traffic_secret;
 ret = ssl_tls13_calc_finished_core( md_type, base_key, transcript, dst );
 if( ret != 0 )
@@ -692,9 +697,15 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
 exit:
 /* Erase handshake secrets */
 if( from == MBEDTLS_SSL_IS_CLIENT )
- mbedtls_platform_zeroize( base_key, sizeof( ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret ) );
+ {
+ mbedtls_platform_zeroize( base_key,
+ sizeof( tls13_hs_secrets->client_handshake_traffic_secret ) );
+ }
 else
- mbedtls_platform_zeroize( base_key, sizeof( ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret ) );
+ {
+ mbedtls_platform_zeroize( base_key,
+ sizeof( tls13_hs_secrets->server_handshake_traffic_secret ) );
+ }
 mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
 return( ret );
 }
From b737f6a9befaba143eac87b8eb5ac068b8f1fab7 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Fri, 10 Dec 2021 17:55:23 +0800
Subject: [PATCH 13/14] move base_key init
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_keys.c | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 6b8f8e146e..6f3338c818 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -655,8 +655,19 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
 size_t transcript_len;
 unsigned char *base_key = NULL;
+ size_t base_key_len = 0;
 mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets =
 &ssl->handshake->tls13_hs_secrets;
+ if( from == MBEDTLS_SSL_IS_CLIENT )
+ {
+ base_key = tls13_hs_secrets->client_handshake_traffic_secret;
+ base_key_len = sizeof( tls13_hs_secrets->client_handshake_traffic_secret );
+ }
+ else
+ {
+ base_key = tls13_hs_secrets->server_handshake_traffic_secret;
+ base_key_len = sizeof( tls13_hs_secrets->server_handshake_traffic_secret );
+ }
 mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
 const mbedtls_md_info_t* const md_info =
@@ -681,11 +692,6 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
 }
 MBEDTLS_SSL_DEBUG_BUF( 4, "handshake hash", transcript, transcript_len );
- if( from == MBEDTLS_SSL_IS_CLIENT )
- base_key = tls13_hs_secrets->client_handshake_traffic_secret;
- else
- base_key = tls13_hs_secrets->server_handshake_traffic_secret;
-
 ret = ssl_tls13_calc_finished_core( md_type, base_key, transcript, dst );
 if( ret != 0 )
 goto exit;
@@ -696,16 +702,7 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
 exit:
 /* Erase handshake secrets */
- if( from == MBEDTLS_SSL_IS_CLIENT )
- {
- mbedtls_platform_zeroize( base_key,
- sizeof( tls13_hs_secrets->client_handshake_traffic_secret ) );
- }
- else
- {
- mbedtls_platform_zeroize( base_key,
- sizeof( tls13_hs_secrets->server_handshake_traffic_secret ) );
- }
+ mbedtls_platform_zeroize( base_key, base_key_len );
 mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
 return( ret );
 }
From a5563f611510ff726a667e1f213478dc36a71985 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Fri, 10 Dec 2021 18:14:36 +0800
Subject: [PATCH 14/14] move position of base_key init
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_keys.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 6f3338c818..357b3fb0c9 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -658,6 +658,14 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
 size_t base_key_len = 0;
 mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets =
 &ssl->handshake->tls13_hs_secrets;
+
+ mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
+ const mbedtls_md_info_t* const md_info =
+ mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_calculate_verify_data" ) );
+ + if( from == MBEDTLS_SSL_IS_CLIENT )
 {
 base_key = tls13_hs_secrets->client_handshake_traffic_secret;
@@ -669,13 +677,6 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
 base_key_len = sizeof( tls13_hs_secrets->server_handshake_traffic_secret );
 }
- mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
- const mbedtls_md_info_t* const md_info =
- mbedtls_md_info_from_type( md_type );
- size_t const md_size = mbedtls_md_get_size( md_info );
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_calculate_verify_data" ) );
-
 if( dst_len < md_size )
 {
 ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
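Review bot: With `base_key`/`base_key_len` now assigned before the `dst_len < md_size` check in the second hunk, every failure path — that check, and the transcript failure further down, both of which jump to `exit:` outside the hunk — erases the handshake traffic secret selected by `from` even though no verify data was produced; the caller cannot retry with a larger buffer, and a second call with the same `from` (the pointer aims into `tls13_hs_secrets`, which `exit:` zeroizes) would compute the Finished MAC over an all-zero key. If every error is meant to end the handshake, state it in the declaration's comment, e.g. `\note On return, successful or not, the handshake traffic secret for \p from has been erased; call at most once per side.`; otherwise skip the erase when `ret != 0`. Nothing in the series documents this one-shot contract.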