Enhancement: change tls13_early_secrets to local variable
Since tls13_early_secrets is only used temporarily in the function,
there is no need to keep it in the handshake context.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index ecfdab3..fc3dc0f 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1113,7 +1113,7 @@
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info;
- mbedtls_ssl_tls13_early_secrets *tls13_early_secrets = &handshake->tls13_early_secrets;
+ mbedtls_ssl_tls13_early_secrets tls13_early_secrets;
MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_generate_early_key"));
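Review bot: The new local `tls13_early_secrets` keeps derived key material in this function's stack frame, and nothing at the declaration says it must be wiped on every exit. I would add a comment on the declaration such as `/* Early secrets live only in this frame; every exit after this point must go through the cleanup label so they are zeroized. */`. The error branch after mbedtls_ssl_tls13_derive_early_secrets() in the next hunk is cut off, so whether it jumps to cleanup or returns directly cannot be confirmed from this diff. If the `tls13_early_secrets` member is still present in the handshake structure (not shown here), it is also worth confirming that no other code still reads it, since it is no longer populated. The function body starts and ends outside this hunk.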
@@ -1141,7 +1141,7 @@
ret = mbedtls_ssl_tls13_derive_early_secrets(
hash_alg, handshake->tls13_master_secrets.early,
- transcript, transcript_len, tls13_early_secrets);
+ transcript, transcript_len, &tls13_early_secrets);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(
1, "mbedtls_ssl_tls13_derive_early_secrets", ret);
@@ -1150,7 +1150,7 @@
MBEDTLS_SSL_DEBUG_BUF(
4, "Client early traffic secret",
- tls13_early_secrets->client_early_traffic_secret, hash_len);
+ tls13_early_secrets.client_early_traffic_secret, hash_len);
/*
* Export client handshake traffic secret
@@ -1159,7 +1159,7 @@
ssl->f_export_keys(
ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET,
- tls13_early_secrets->client_early_traffic_secret,
+ tls13_early_secrets.client_early_traffic_secret,
hash_len,
handshake->randbytes,
handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
@@ -1168,7 +1168,7 @@
ret = ssl_tls13_make_traffic_key(
hash_alg,
- tls13_early_secrets->client_early_traffic_secret,
+ tls13_early_secrets.client_early_traffic_secret,
hash_len, traffic_keys->client_write_key, key_len,
traffic_keys->client_write_iv, iv_len);
if (ret != 0) {
@@ -1191,7 +1191,7 @@
cleanup:
/* Erase secret and transcript */
mbedtls_platform_zeroize(
- tls13_early_secrets, sizeof(mbedtls_ssl_tls13_early_secrets));
+ &tls13_early_secrets, sizeof(mbedtls_ssl_tls13_early_secrets));
mbedtls_platform_zeroize(transcript, sizeof(transcript));
return ret;
}
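Review bot: The wipe length in the cleanup block is still spelled with the type name, although `tls13_early_secrets` is now an object rather than a pointer. Taking the size from the variable keeps the zeroized length tied to it if the type is ever changed: `mbedtls_platform_zeroize(&tls13_early_secrets, sizeof(tls13_early_secrets));`. That also matches the `sizeof(transcript)` form used on the following line. The function starts outside this hunk.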