commit 16a76721b6475cd2fbb0f0f6340fdaadef1cd27a
author Dave Rodgman <dave.rodgman@arm.com> Fri Sep 01 23:35:23 2023 +0000
committer GitHub <noreply@github.com> Fri Sep 01 23:35:23 2023 +0000
tree b82d4db95a785bea39f76ac611fe64e054c51707
parent 02ad791f2973f5f5b86e1d7a1c1d72401f78f70b
parent 83ae22dbbdf75e55bd9b57f366e29855c39e7453

Merge pull request #8068 from paul-elliott-arm/fix_tls_zeroization

Fix TLS pad buffer zeroization

ChangeLog.d/fix-tls-padbuf-zeroization

diff --git a/ChangeLog.d/fix-tls-padbuf-zeroization b/ChangeLog.d/fix-tls-padbuf-zeroization
new file mode 100644
index 0000000..36451cb
--- /dev/null
+++ b/ChangeLog.d/fix-tls-padbuf-zeroization
@@ -0,0 +1,4 @@
+Security
+   * Fix a case where potentially sensitive information held in memory would not
+     be completely zeroized during TLS 1.2 handshake, in both server and client
+     configurations.

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 6ed8a86..7a1f855 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7722,7 +7722,7 @@
 
     MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len);
 
-    mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
+    mbedtls_platform_zeroize(padbuf, hlen);
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));