TLS1.3: zeroize tls13_early_secrets after its lifetime

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index fc3dc0f..c951a36 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1110,10 +1110,10 @@
     size_t transcript_len;
     size_t key_len;
     size_t iv_len;
+    mbedtls_ssl_tls13_early_secrets tls13_early_secrets;
 
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info;
-    mbedtls_ssl_tls13_early_secrets tls13_early_secrets;
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_generate_early_key"));
 
@@ -1178,6 +1178,10 @@
     traffic_keys->key_len = key_len;
     traffic_keys->iv_len = iv_len;
 
+    /* Erase early secrets */
+    mbedtls_platform_zeroize(
+        &tls13_early_secrets, sizeof(mbedtls_ssl_tls13_early_secrets));
+
     MBEDTLS_SSL_DEBUG_BUF(4, "client early write_key",
                           traffic_keys->client_write_key,
                           traffic_keys->key_len);
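Review bot: The `mbedtls_platform_zeroize` call added after `traffic_keys->iv_len = iv_len;` wipes the same object that the `cleanup:` label wipes again shortly afterwards. The success path appears to fall through into `cleanup:` (no return is visible between the closing debug message and the label), so on success the struct is cleared twice. If the intent is to end the secrets' lifetime before the derived keys are passed to the debug macros, say so in the comment, e.g. `/* Erase early secrets as soon as the traffic keys are derived; cleanup repeats this for the error paths */`; otherwise the early call can be dropped. In both places `sizeof(tls13_early_secrets)` would tie the length to the object rather than to the type name. The function body starts and ends outside this hunk, so the fall-through should be confirmed against the full file.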
@@ -1189,7 +1193,7 @@
     MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_generate_early_key"));
 
 cleanup:
-    /* Erase secret and transcript */
+    /* Erase early secrets and transcript */
     mbedtls_platform_zeroize(
         &tls13_early_secrets, sizeof(mbedtls_ssl_tls13_early_secrets));
     mbedtls_platform_zeroize(transcript, sizeof(transcript));