Merge pull request #8068 from paul-elliott-arm/fix_tls_zeroization
Fix TLS pad buffer zeroization
commit
16a76721b6
2 changed files with 5 additions and 1 deletions
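--- a/ChangeLog.d/fix-tls-padbuf-zeroization
+++ b/ChangeLog.d/fix-tls-padbuf-zeroization
@@ -0,0 +1,4 @@
+Security
+* Fix a case where potentially sensitive information held in memory would not
+be completely zeroized during TLS 1.2 handshake, in both server and client
+configurations.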
@ -7722,7 +7722,7 @@ static int ssl_calc_finished_tls_generic(mbedtls_ssl_context *ssl, void *ctx,
|
|||
|
||||
MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len);
|
||||
|
||||
mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
|
||||
mbedtls_platform_zeroize(padbuf, hlen);
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
|
||||
|
||||
|
|
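Review bot: The `mbedtls_platform_zeroize(padbuf, hlen);` line has no comment saying why the length is passed in rather than taken with `sizeof`, which makes it easy for a later cleanup to turn it back. The page has lost its +/- markers, so I am reading the `hlen` form as the new side: it is printed second, and it fits the changelog's "not completely zeroized" wording. If `padbuf` is a pointer parameter here (its declaration is not visible in the hunk), `sizeof(padbuf)` would wipe only pointer-size bytes and leave the rest of the handshake hash in memory. I would add `/* padbuf is a pointer here: sizeof(padbuf) would wipe only sizeof(void *) bytes */` directly above the call. The function body starts and ends outside the hunk, so it is worth checking separately that any early-exit path taken after `padbuf` is filled also reaches a wipe, and that every caller passes an `hlen` covering all the bytes written.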