Merge pull request #5256 from yuhaoth/pr/clean-up-secrets-after-done

TLS1.3 MVP: Erase secrets when they are not necessary anymore.
2021-12-10 12:48:25 +01:00 · 2021-12-10 12:48:25 +01:00 · 4525cce691
commit 4525cce691
parent 6b07916e40 a5563f6115
2 changed files with 28 additions and 10 deletions
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@ -654,7 +654,10 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
    unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
    size_t transcript_len;
-    unsigned char const *base_key = NULL;
+    unsigned char *base_key = NULL;
    size_t base_key_len = 0;
    mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets =
                                            &ssl->handshake->tls13_hs_secrets;
    mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
    const mbedtls_md_info_t* const md_info =
@ -663,8 +666,22 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_calculate_verify_data" ) );
    if( from == MBEDTLS_SSL_IS_CLIENT )
    {
        base_key = tls13_hs_secrets->client_handshake_traffic_secret;
        base_key_len = sizeof( tls13_hs_secrets->client_handshake_traffic_secret );
    }
    else
    {
        base_key = tls13_hs_secrets->server_handshake_traffic_secret;
        base_key_len = sizeof( tls13_hs_secrets->server_handshake_traffic_secret );
    }
    if( dst_len < md_size )
-        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+    {
        ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
        goto exit;
    }
    ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
                                                transcript, sizeof( transcript ),
@ -676,11 +693,6 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
    }
    MBEDTLS_SSL_DEBUG_BUF( 4, "handshake hash", transcript, transcript_len );
    if( from == MBEDTLS_SSL_IS_CLIENT )
        base_key = ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret;
    else
        base_key = ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret;
    ret = ssl_tls13_calc_finished_core( md_type, base_key, transcript, dst );
    if( ret != 0 )
        goto exit;
@ -690,7 +702,8 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_calculate_verify_data" ) );
 exit:
-
+    /* Erase handshake secrets */
    mbedtls_platform_zeroize( base_key, base_key_len );
    mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
    return( ret );
 }
@ -1164,6 +1177,9 @@ int mbedtls_ssl_tls13_generate_application_keys(
                                   handshake->tls13_master_secrets.app,
                                   transcript, transcript_len,
                                   app_secrets );
    /* Erase master secrets */
    mbedtls_platform_zeroize( &ssl->handshake->tls13_master_secrets,
                              sizeof( ssl->handshake->tls13_master_secrets ) );
    if( ret != 0 )
    {
        MBEDTLS_SSL_DEBUG_RET( 1,
@ -1225,7 +1241,9 @@ int mbedtls_ssl_tls13_generate_application_keys(
    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive application traffic keys" ) );
 cleanup:
-
+    /* randbytes is not used again */
    mbedtls_platform_zeroize( ssl->handshake->randbytes,
                              sizeof( ssl->handshake->randbytes ) );
    mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
    return( ret );
 }