cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-30 19:20:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

move zerioize tls13_hs_secrets

Browse Source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2021-12-08 15:57:57 +08:00
parent 23ab7a46a3
commit 7ca3054795
2 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
library/ssl_tls13_client.c
View File

@ -1647,9 +1647,6 @@ static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl )
static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ) static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
{ {
mbedtls_platform_zeroize( &ssl->handshake->tls13_hs_secrets,
sizeof(ssl->handshake->tls13_hs_secrets));
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to application keys for inbound traffic" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to application keys for inbound traffic" ) );
mbedtls_ssl_set_inbound_transform ( ssl, ssl->transform_application ); mbedtls_ssl_set_inbound_transform ( ssl, ssl->transform_application );

8
library/ssl_tls13_generic.c
View File

@ -1060,10 +1060,14 @@ static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl )
sizeof( ssl->handshake->state_local.finished_out.digest ), sizeof( ssl->handshake->state_local.finished_out.digest ),
&ssl->handshake->state_local.finished_out.digest_len, &ssl->handshake->state_local.finished_out.digest_len,
ssl->conf->endpoint ); ssl->conf->endpoint );
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
mbedtls_platform_zeroize( &ssl->handshake->tls13_hs_secrets,
sizeof(ssl->handshake->tls13_hs_secrets));
}
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "calculate_verify_data failed", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "calculate_verify_data failed", ret );
return( ret ); return( ret );
} }