From 4a2fa5d0aaa99ce906bcaee76deeb67273b4b691 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 10 Dec 2021 10:19:34 +0800 Subject: [PATCH] Move erase handshake secrets Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 1 - library/ssl_tls13_generic.c | 6 +----- library/ssl_tls13_keys.c | 14 +++++++++++--- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 88f240e65..1874d4fde 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1646,7 +1646,6 @@ static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl ) */ static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to application keys for inbound traffic" ) ); mbedtls_ssl_set_inbound_transform ( ssl, ssl->transform_application ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index d15296f74..4543d742b 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1060,11 +1060,7 @@ static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl ) sizeof( ssl->handshake->state_local.finished_out.digest ), &ssl->handshake->state_local.finished_out.digest_len, ssl->conf->endpoint ); - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) - { - mbedtls_platform_zeroize( &ssl->handshake->tls13_hs_secrets, - sizeof( ssl->handshake->tls13_hs_secrets ) ); - } + if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "calculate_verify_data failed", ret ); diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 3306d62d1..ea0c55bff 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -654,7 +654,8 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl, unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; size_t transcript_len; - unsigned char const *base_key = NULL; + unsigned char *base_key = NULL; + size_t base_key_len; mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; const mbedtls_md_info_t* const md_info = @@ -677,9 +678,15 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl, MBEDTLS_SSL_DEBUG_BUF( 4, "handshake hash", transcript, transcript_len ); if( from == MBEDTLS_SSL_IS_CLIENT ) + { base_key = ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret; + base_key_len = sizeof( ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret ); + } else + { base_key = ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret; + base_key_len = sizeof( ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret ); + } ret = ssl_tls13_calc_finished_core( md_type, base_key, transcript, dst ); if( ret != 0 ) @@ -690,7 +697,8 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl, MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_calculate_verify_data" ) ); exit: - + /* Erase handshake secrets */ + mbedtls_platform_zeroize( base_key, base_key_len ); mbedtls_platform_zeroize( transcript, sizeof( transcript ) ); return( ret ); } @@ -1164,7 +1172,7 @@ int mbedtls_ssl_tls13_generate_application_keys( handshake->tls13_master_secrets.app, transcript, transcript_len, app_secrets ); - /* Erase master secrets*/ + /* Erase master secrets */ mbedtls_platform_zeroize( &ssl->handshake->tls13_master_secrets, sizeof( ssl->handshake->tls13_master_secrets ) ); if( ret != 0 )