yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-24 10:35:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Zeroize secret data in the exit point

Browse source 
Zeroize the secret data in `mbedtls_ssl_derive_keys()`
in the single exit point.
This commit is contained in:
Ron Eldor 2019-05-07 18:29:02 +03:00
parent e699270908
commit a9f9a73920
1 changed files with 3 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
library/ssl_tls.c
View file

@ -988,9 +988,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 ); MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
mbedtls_platform_zeroize( handshake->randbytes,
sizeof( handshake->randbytes ) );
/* /*
* Determine the appropriate key, IV and MAC length. * Determine the appropriate key, IV and MAC length.
*/ */
@ -1365,7 +1362,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
} }
#endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_CIPHER_MODE_CBC */
mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
#if defined(MBEDTLS_ZLIB_SUPPORT) #if defined(MBEDTLS_ZLIB_SUPPORT)
// Initialize compression // Initialize compression
@ -1403,7 +1399,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
end: end:
mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
mbedtls_platform_zeroize( handshake->randbytes,
sizeof( handshake->randbytes ) );
return( ret ); return( ret );
} }