mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-30 16:20:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Do not erase input key in psa_tls12_prf_psk_to_ms_set_key()

Browse Source 
When ALG_TLS12_PSK_TO_MS() is used, first derivation is correct
but the following derivations output data is incorrect.

This is because input key is erased in psa_tls12_prf_psk_to_ms_set_key()
since commit 03faf5d2c174eef1ebab39a8139a4042e77049b8.

Fixes: 03faf5d2c174eef1ebab39a8139a4042e77049b8 ("psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage")
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong 2022-05-04 11:06:20 +02:00
parent 068a13d909
commit b743d95051
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
library/psa_crypto.c
View File

@ -5371,7 +5371,6 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key(
*cur++ = MBEDTLS_BYTE_1( data_length );
*cur++ = MBEDTLS_BYTE_0( data_length );
memcpy( cur, data, data_length );
mbedtls_platform_zeroize( (void*) data, data_length );
cur += data_length;
status = psa_tls12_prf_set_key( prf, pms, cur - pms );