move zeroize master secrets

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Jerry Yu 2021-12-08 14:34:10 +08:00
parent 2c70a39d97
commit 23ab7a46a3
2 changed files with 4 additions and 2 deletions


@ -1646,8 +1646,7 @@ static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl )
*/ */
static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ) static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
{ {
mbedtls_platform_zeroize( &ssl->handshake->tls13_master_secrets,
sizeof(ssl->handshake->tls13_master_secrets));
mbedtls_platform_zeroize( &ssl->handshake->tls13_hs_secrets, mbedtls_platform_zeroize( &ssl->handshake->tls13_hs_secrets,
sizeof(ssl->handshake->tls13_hs_secrets)); sizeof(ssl->handshake->tls13_hs_secrets));


@ -1164,6 +1164,9 @@ int mbedtls_ssl_tls13_generate_application_keys(
handshake->tls13_master_secrets.app, handshake->tls13_master_secrets.app,
transcript, transcript_len, transcript, transcript_len,
app_secrets ); app_secrets );
/* Erase master secrets*/
mbedtls_platform_zeroize( &ssl->handshake->tls13_master_secrets,
sizeof(ssl->handshake->tls13_master_secrets));
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, MBEDTLS_SSL_DEBUG_RET( 1,
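Review bot: The wipe added after the derive call in `mbedtls_ssl_tls13_generate_application_keys` only runs if control reaches this point, so any error return earlier in the function (its start is outside the hunk) would presumably leave `tls13_master_secrets` in memory now that `ssl_tls13_handshake_wrapup` no longer clears it. It is worth confirming that the handshake teardown path zeroizes the structure as a backstop. Placing the call before the `if( ret != 0 )` check is right, since it clears the secrets on both the success and the failure outcome of the derivation. Anything that reads the master secret after this call will see zeros, so the comment should state that constraint, for example `/* Erase master secrets: nothing after application key derivation may read them */`. For consistency with the derive call just above, use the local pointer: `mbedtls_platform_zeroize( &handshake->tls13_master_secrets, sizeof( handshake->tls13_master_secrets ) );`.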