Skip to content

Commit f1a0807

Browse files
FrauschiFrauschi
committed
Add missing ForceZero calls
1 parent 36328e3 commit f1a0807

3 files changed

Lines changed: 49 additions & 12 deletions

File tree

src/keys.c

Lines changed: 26 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3948,6 +3948,17 @@ int DeriveKeys(WOLFSSL* ssl)
39483948
ret = StoreKeys(ssl, keyData, PROVISION_CLIENT_SERVER);
39493949
}
39503950

3951+
ForceZero(shaOutput, WC_SHA_DIGEST_SIZE);
3952+
ForceZero(md5Input, SECRET_LEN + WC_SHA_DIGEST_SIZE);
3953+
ForceZero(shaInput, KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN);
3954+
ForceZero(keyData, KEY_PREFIX * WC_MD5_DIGEST_SIZE);
3955+
#ifdef WOLFSSL_CHECK_MEM_ZERO
3956+
wc_MemZero_Check(shaOutput, WC_SHA_DIGEST_SIZE);
3957+
wc_MemZero_Check(md5Input, SECRET_LEN + WC_SHA_DIGEST_SIZE);
3958+
wc_MemZero_Check(shaInput, KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN);
3959+
wc_MemZero_Check(keyData, KEY_PREFIX * WC_MD5_DIGEST_SIZE);
3960+
#endif
3961+
39513962
WC_FREE_VAR_EX(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
39523963
WC_FREE_VAR_EX(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
39533964
WC_FREE_VAR_EX(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -3963,16 +3974,20 @@ static int CleanPreMaster(WOLFSSL* ssl)
39633974
{
39643975
int i, ret, sz = (int)(ssl->arrays->preMasterSz);
39653976

3966-
for (i = 0; i < sz; i++)
3967-
ssl->arrays->preMasterSecret[i] = 0;
3977+
ForceZero(ssl->arrays->preMasterSecret, sz);
3978+
#ifdef WOLFSSL_CHECK_MEM_ZERO
3979+
wc_MemZero_Check(ssl->arrays->preMasterSecret, sz);
3980+
#endif
39683981

39693982
ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret,
39703983
(word32)(sz));
39713984
if (ret != 0)
39723985
return ret;
39733986

3974-
for (i = 0; i < sz; i++)
3975-
ssl->arrays->preMasterSecret[i] = 0;
3987+
ForceZero(ssl->arrays->preMasterSecret, sz);
3988+
#ifdef WOLFSSL_CHECK_MEM_ZERO
3989+
wc_MemZero_Check(ssl->arrays->preMasterSecret, sz);
3990+
#endif
39763991

39773992
XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
39783993
ssl->arrays->preMasterSecret = NULL;
@@ -4096,6 +4111,13 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
40964111
ret = DeriveKeys(ssl);
40974112
}
40984113

4114+
ForceZero(md5Input, ENCRYPT_LEN + WC_SHA_DIGEST_SIZE);
4115+
ForceZero(shaInput, PREFIX + ENCRYPT_LEN + 2 * RAN_LEN);
4116+
#ifdef WOLFSSL_CHECK_MEM_ZERO
4117+
wc_MemZero_Check(md5Input, ENCRYPT_LEN + WC_SHA_DIGEST_SIZE);
4118+
wc_MemZero_Check(shaInput, PREFIX + ENCRYPT_LEN + 2 * RAN_LEN);
4119+
#endif
4120+
40994121
WC_FREE_VAR_EX(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
41004122
WC_FREE_VAR_EX(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
41014123
WC_FREE_VAR_EX(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);

src/tls.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -488,6 +488,11 @@ int DeriveTlsKeys(WOLFSSL* ssl)
488488
if (ret == 0)
489489
ret = StoreKeys(ssl, key_dig, PROVISION_CLIENT_SERVER);
490490

491+
ForceZero(key_dig, MAX_PRF_DIG);
492+
#ifdef WOLFSSL_CHECK_MEM_ZERO
493+
wc_MemZero_Check(key_dig, MAX_PRF_DIG);
494+
#endif
495+
491496
WC_FREE_VAR_EX(key_dig, ssl->heap, DYNAMIC_TYPE_DIGEST);
492497

493498
return ret;

src/tls13.c

Lines changed: 18 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1208,7 +1208,7 @@ int DeriveHandshakeSecret(WOLFSSL* ssl)
12081208
derivedLabel, DERIVED_LABEL_SZ,
12091209
NULL, 0, ssl->specs.mac_algorithm);
12101210
if (ret != 0)
1211-
return ret;
1211+
goto end;
12121212

12131213
PRIVATE_KEY_UNLOCK();
12141214
ret = Tls13_HKDF_Extract(ssl, ssl->arrays->preMasterSecret,
@@ -1217,6 +1217,11 @@ int DeriveHandshakeSecret(WOLFSSL* ssl)
12171217
mac2hash(ssl->specs.mac_algorithm));
12181218
PRIVATE_KEY_LOCK();
12191219

1220+
end:
1221+
ForceZero(key, sizeof(key));
1222+
#ifdef WOLFSSL_CHECK_MEM_ZERO
1223+
wc_MemZero_Check(key, sizeof(key));
1224+
#endif
12201225
return ret;
12211226
}
12221227

@@ -1244,14 +1249,19 @@ int DeriveMasterSecret(WOLFSSL* ssl)
12441249
ret = DeriveKeyMsg(ssl, key, -1, ssl->arrays->preMasterSecret,
12451250
derivedLabel, DERIVED_LABEL_SZ,
12461251
NULL, 0, ssl->specs.mac_algorithm);
1247-
if (ret != 0)
1248-
return ret;
1252+
if (ret == 0) {
1253+
PRIVATE_KEY_UNLOCK();
1254+
ret = Tls13_HKDF_Extract(ssl, ssl->arrays->masterSecret,
1255+
key, ssl->specs.hash_size,
1256+
ssl->arrays->masterSecret, 0,
1257+
mac2hash(ssl->specs.mac_algorithm));
1258+
PRIVATE_KEY_LOCK();
1259+
}
12491260

1250-
PRIVATE_KEY_UNLOCK();
1251-
ret = Tls13_HKDF_Extract(ssl, ssl->arrays->masterSecret,
1252-
key, ssl->specs.hash_size,
1253-
ssl->arrays->masterSecret, 0, mac2hash(ssl->specs.mac_algorithm));
1254-
PRIVATE_KEY_LOCK();
1261+
ForceZero(key, sizeof(key));
1262+
#ifdef WOLFSSL_CHECK_MEM_ZERO
1263+
wc_MemZero_Check(key, sizeof(key));
1264+
#endif
12551265

12561266
#ifdef HAVE_KEYING_MATERIAL
12571267
if (ret != 0)

0 commit comments

Comments
 (0)