Skip to content

Commit c577968

Browse files
FrauschiFrauschi
committed
Add missing ForceZero calls
1 parent 36328e3 commit c577968

3 files changed

Lines changed: 56 additions & 13 deletions

File tree

src/keys.c

Lines changed: 33 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,12 @@
3333
#include <stdio.h>
3434
#endif
3535
#endif
36+
#ifdef NO_INLINE
37+
#include <wolfssl/wolfcrypt/misc.h>
38+
#else
39+
#define WOLFSSL_MISC_INCLUDED
40+
#include <wolfcrypt/src/misc.c>
41+
#endif
3642

3743
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
3844
#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
@@ -3948,6 +3954,17 @@ int DeriveKeys(WOLFSSL* ssl)
39483954
ret = StoreKeys(ssl, keyData, PROVISION_CLIENT_SERVER);
39493955
}
39503956

3957+
ForceZero(shaOutput, WC_SHA_DIGEST_SIZE);
3958+
ForceZero(md5Input, SECRET_LEN + WC_SHA_DIGEST_SIZE);
3959+
ForceZero(shaInput, KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN);
3960+
ForceZero(keyData, KEY_PREFIX * WC_MD5_DIGEST_SIZE);
3961+
#ifdef WOLFSSL_CHECK_MEM_ZERO
3962+
wc_MemZero_Check(shaOutput, WC_SHA_DIGEST_SIZE);
3963+
wc_MemZero_Check(md5Input, SECRET_LEN + WC_SHA_DIGEST_SIZE);
3964+
wc_MemZero_Check(shaInput, KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN);
3965+
wc_MemZero_Check(keyData, KEY_PREFIX * WC_MD5_DIGEST_SIZE);
3966+
#endif
3967+
39513968
WC_FREE_VAR_EX(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
39523969
WC_FREE_VAR_EX(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
39533970
WC_FREE_VAR_EX(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -3961,18 +3978,22 @@ int DeriveKeys(WOLFSSL* ssl)
39613978

39623979
static int CleanPreMaster(WOLFSSL* ssl)
39633980
{
3964-
int i, ret, sz = (int)(ssl->arrays->preMasterSz);
3981+
int ret, sz = (int)(ssl->arrays->preMasterSz);
39653982

3966-
for (i = 0; i < sz; i++)
3967-
ssl->arrays->preMasterSecret[i] = 0;
3983+
ForceZero(ssl->arrays->preMasterSecret, sz);
3984+
#ifdef WOLFSSL_CHECK_MEM_ZERO
3985+
wc_MemZero_Check(ssl->arrays->preMasterSecret, sz);
3986+
#endif
39683987

39693988
ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret,
39703989
(word32)(sz));
39713990
if (ret != 0)
39723991
return ret;
39733992

3974-
for (i = 0; i < sz; i++)
3975-
ssl->arrays->preMasterSecret[i] = 0;
3993+
ForceZero(ssl->arrays->preMasterSecret, sz);
3994+
#ifdef WOLFSSL_CHECK_MEM_ZERO
3995+
wc_MemZero_Check(ssl->arrays->preMasterSecret, sz);
3996+
#endif
39763997

39773998
XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
39783999
ssl->arrays->preMasterSecret = NULL;
@@ -4096,6 +4117,13 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
40964117
ret = DeriveKeys(ssl);
40974118
}
40984119

4120+
ForceZero(md5Input, ENCRYPT_LEN + WC_SHA_DIGEST_SIZE);
4121+
ForceZero(shaInput, PREFIX + ENCRYPT_LEN + 2 * RAN_LEN);
4122+
#ifdef WOLFSSL_CHECK_MEM_ZERO
4123+
wc_MemZero_Check(md5Input, ENCRYPT_LEN + WC_SHA_DIGEST_SIZE);
4124+
wc_MemZero_Check(shaInput, PREFIX + ENCRYPT_LEN + 2 * RAN_LEN);
4125+
#endif
4126+
40994127
WC_FREE_VAR_EX(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
41004128
WC_FREE_VAR_EX(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
41014129
WC_FREE_VAR_EX(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);

src/tls.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -488,6 +488,11 @@ int DeriveTlsKeys(WOLFSSL* ssl)
488488
if (ret == 0)
489489
ret = StoreKeys(ssl, key_dig, PROVISION_CLIENT_SERVER);
490490

491+
ForceZero(key_dig, MAX_PRF_DIG);
492+
#ifdef WOLFSSL_CHECK_MEM_ZERO
493+
wc_MemZero_Check(key_dig, MAX_PRF_DIG);
494+
#endif
495+
491496
WC_FREE_VAR_EX(key_dig, ssl->heap, DYNAMIC_TYPE_DIGEST);
492497

493498
return ret;

src/tls13.c

Lines changed: 18 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1208,7 +1208,7 @@ int DeriveHandshakeSecret(WOLFSSL* ssl)
12081208
derivedLabel, DERIVED_LABEL_SZ,
12091209
NULL, 0, ssl->specs.mac_algorithm);
12101210
if (ret != 0)
1211-
return ret;
1211+
goto end;
12121212

12131213
PRIVATE_KEY_UNLOCK();
12141214
ret = Tls13_HKDF_Extract(ssl, ssl->arrays->preMasterSecret,
@@ -1217,6 +1217,11 @@ int DeriveHandshakeSecret(WOLFSSL* ssl)
12171217
mac2hash(ssl->specs.mac_algorithm));
12181218
PRIVATE_KEY_LOCK();
12191219

1220+
end:
1221+
ForceZero(key, sizeof(key));
1222+
#ifdef WOLFSSL_CHECK_MEM_ZERO
1223+
wc_MemZero_Check(key, sizeof(key));
1224+
#endif
12201225
return ret;
12211226
}
12221227

@@ -1244,14 +1249,19 @@ int DeriveMasterSecret(WOLFSSL* ssl)
12441249
ret = DeriveKeyMsg(ssl, key, -1, ssl->arrays->preMasterSecret,
12451250
derivedLabel, DERIVED_LABEL_SZ,
12461251
NULL, 0, ssl->specs.mac_algorithm);
1247-
if (ret != 0)
1248-
return ret;
1252+
if (ret == 0) {
1253+
PRIVATE_KEY_UNLOCK();
1254+
ret = Tls13_HKDF_Extract(ssl, ssl->arrays->masterSecret,
1255+
key, ssl->specs.hash_size,
1256+
ssl->arrays->masterSecret, 0,
1257+
mac2hash(ssl->specs.mac_algorithm));
1258+
PRIVATE_KEY_LOCK();
1259+
}
12491260

1250-
PRIVATE_KEY_UNLOCK();
1251-
ret = Tls13_HKDF_Extract(ssl, ssl->arrays->masterSecret,
1252-
key, ssl->specs.hash_size,
1253-
ssl->arrays->masterSecret, 0, mac2hash(ssl->specs.mac_algorithm));
1254-
PRIVATE_KEY_LOCK();
1261+
ForceZero(key, sizeof(key));
1262+
#ifdef WOLFSSL_CHECK_MEM_ZERO
1263+
wc_MemZero_Check(key, sizeof(key));
1264+
#endif
12551265

12561266
#ifdef HAVE_KEYING_MATERIAL
12571267
if (ret != 0)

0 commit comments

Comments
 (0)