move zeroize master secrets
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
parent
2c70a39d97
commit
23ab7a46a3
2 changed files with 4 additions and 2 deletions
|
@ -1646,8 +1646,7 @@ static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl )
|
||||||
*/
|
*/
|
||||||
static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
|
static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
mbedtls_platform_zeroize( &ssl->handshake->tls13_master_secrets,
|
|
||||||
sizeof(ssl->handshake->tls13_master_secrets));
|
|
||||||
mbedtls_platform_zeroize( &ssl->handshake->tls13_hs_secrets,
|
mbedtls_platform_zeroize( &ssl->handshake->tls13_hs_secrets,
|
||||||
sizeof(ssl->handshake->tls13_hs_secrets));
|
sizeof(ssl->handshake->tls13_hs_secrets));
|
||||||
|
|
||||||
|
|
|
@ -1164,6 +1164,9 @@ int mbedtls_ssl_tls13_generate_application_keys(
|
||||||
handshake->tls13_master_secrets.app,
|
handshake->tls13_master_secrets.app,
|
||||||
transcript, transcript_len,
|
transcript, transcript_len,
|
||||||
app_secrets );
|
app_secrets );
|
||||||
|
/* Erase master secrets*/
|
||||||
|
mbedtls_platform_zeroize( &ssl->handshake->tls13_master_secrets,
|
||||||
|
sizeof(ssl->handshake->tls13_master_secrets));
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1,
|
MBEDTLS_SSL_DEBUG_RET( 1,
|
||||||
|
|
Loading…
Reference in a new issue