Enhancement: change tls13_early_secrets to local variable

Since tls13_early_secrets is only temperately used in the function,
there is no need to keep it in the handshake context.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit is contained in:
Yanray Wang 2022-12-13 14:58:45 +08:00
parent 6b4cb63aed
commit bae9e74d39
2 changed files with 6 additions and 7 deletions

View File

@ -986,7 +986,6 @@ struct mbedtls_ssl_handshake_params {
mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets;
#if defined(MBEDTLS_SSL_EARLY_DATA)
mbedtls_ssl_tls13_early_secrets tls13_early_secrets;
/** TLS 1.3 transform for early data and handshake messages. */
mbedtls_ssl_transform *transform_earlydata;
#endif

View File

@ -1113,7 +1113,7 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl,
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info;
mbedtls_ssl_tls13_early_secrets *tls13_early_secrets = &handshake->tls13_early_secrets;
mbedtls_ssl_tls13_early_secrets tls13_early_secrets;
MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_generate_early_key"));
@ -1141,7 +1141,7 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl,
ret = mbedtls_ssl_tls13_derive_early_secrets(
hash_alg, handshake->tls13_master_secrets.early,
transcript, transcript_len, tls13_early_secrets);
transcript, transcript_len, &tls13_early_secrets);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(
1, "mbedtls_ssl_tls13_derive_early_secrets", ret);
@ -1150,7 +1150,7 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_BUF(
4, "Client early traffic secret",
tls13_early_secrets->client_early_traffic_secret, hash_len);
tls13_early_secrets.client_early_traffic_secret, hash_len);
/*
* Export client handshake traffic secret
@ -1159,7 +1159,7 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl,
ssl->f_export_keys(
ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET,
tls13_early_secrets->client_early_traffic_secret,
tls13_early_secrets.client_early_traffic_secret,
hash_len,
handshake->randbytes,
handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
@ -1168,7 +1168,7 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl,
ret = ssl_tls13_make_traffic_key(
hash_alg,
tls13_early_secrets->client_early_traffic_secret,
tls13_early_secrets.client_early_traffic_secret,
hash_len, traffic_keys->client_write_key, key_len,
traffic_keys->client_write_iv, iv_len);
if (ret != 0) {
@ -1191,7 +1191,7 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl,
cleanup:
/* Erase secret and transcript */
mbedtls_platform_zeroize(
tls13_early_secrets, sizeof(mbedtls_ssl_tls13_early_secrets));
&tls13_early_secrets, sizeof(mbedtls_ssl_tls13_early_secrets));
mbedtls_platform_zeroize(transcript, sizeof(transcript));
return ret;
}