Skip to content

Commit 96b4e01

Browse files
julek-wolfssljulek-wolfssl
committed
ForceZero mac buffer in DoTls13Finished before return F-1464
1 parent ed0976a commit 96b4e01

1 file changed

Lines changed: 27 additions & 18 deletions

File tree

src/tls13.c

Lines changed: 27 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -11346,28 +11346,30 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
1134611346
ret = NO_PEER_CERT; /* NO_PEER_VERIFY */
1134711347
WOLFSSL_MSG("TLS v1.3 client did not present peer cert");
1134811348
DoCertFatalAlert(ssl, ret);
11349-
return ret;
11349+
goto cleanup;
1135011350
}
1135111351
}
1135211352
#endif
1135311353

1135411354
/* check against totalSz */
11355-
if (*inOutIdx + size > totalSz)
11356-
return BUFFER_E;
11355+
if (*inOutIdx + size > totalSz) {
11356+
ret = BUFFER_E;
11357+
goto cleanup;
11358+
}
1135711359

1135811360
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
1135911361
ret = tsip_Tls13HandleFinished(ssl, input, inOutIdx, size, totalSz);
1136011362
if (ret == 0) {
1136111363
ssl->options.serverState = SERVER_FINISHED_COMPLETE;
11362-
return ret;
11364+
goto cleanup;
1136311365
}
1136411366
if (ret == WC_NO_ERR_TRACE(VERIFY_FINISHED_ERROR)) {
1136511367
SendAlert(ssl, alert_fatal, decrypt_error);
11366-
return ret;
11368+
goto cleanup;
1136711369
}
1136811370
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
1136911371
/* other errors */
11370-
return ret;
11372+
goto cleanup;
1137111373
}
1137211374
ret = 0;
1137311375
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
@@ -11377,7 +11379,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
1137711379
ssl->keys.client_write_MAC_secret,
1137811380
WOLFSSL_CLIENT_END);
1137911381
if (ret != 0)
11380-
return ret;
11382+
goto cleanup;
1138111383

1138211384
secret = ssl->keys.client_write_MAC_secret;
1138311385
}
@@ -11389,13 +11391,13 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
1138911391
ssl->keys.client_write_MAC_secret,
1139011392
WOLFSSL_CLIENT_END);
1139111393
if (ret != 0)
11392-
return ret;
11394+
goto cleanup;
1139311395

1139411396
ret = DeriveFinishedSecret(ssl, ssl->serverSecret,
1139511397
ssl->keys.server_write_MAC_secret,
1139611398
WOLFSSL_SERVER_END);
1139711399
if (ret != 0)
11398-
return ret;
11400+
goto cleanup;
1139911401

1140011402
secret = ssl->keys.server_write_MAC_secret;
1140111403
}
@@ -11408,7 +11410,8 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
1140811410
ret = BuildTls13HandshakeHmac(ssl, secret, mac, &finishedSz);
1140911411
#ifdef WOLFSSL_HAVE_TLS_UNIQUE
1141011412
if (finishedSz > TLS_FINISHED_SZ_MAX) {
11411-
return BUFFER_ERROR;
11413+
ret = BUFFER_ERROR;
11414+
goto cleanup;
1141211415
}
1141311416
if (ssl->options.side == WOLFSSL_CLIENT_END) {
1141411417
XMEMCPY(ssl->serverFinished, mac, finishedSz);
@@ -11420,9 +11423,11 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
1142011423
}
1142111424
#endif /* WOLFSSL_HAVE_TLS_UNIQUE */
1142211425
if (ret != 0)
11423-
return ret;
11424-
if (size != finishedSz)
11425-
return BUFFER_ERROR;
11426+
goto cleanup;
11427+
if (size != finishedSz) {
11428+
ret = BUFFER_ERROR;
11429+
goto cleanup;
11430+
}
1142611431
}
1142711432

1142811433
#ifdef WOLFSSL_CALLBACKS
@@ -11437,7 +11442,8 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
1143711442
WOLFSSL_MSG("Verify finished error on hashes");
1143811443
SendAlert(ssl, alert_fatal, decrypt_error);
1143911444
WOLFSSL_ERROR_VERBOSE(VERIFY_FINISHED_ERROR);
11440-
return VERIFY_FINISHED_ERROR;
11445+
ret = VERIFY_FINISHED_ERROR;
11446+
goto cleanup;
1144111447
}
1144211448
}
1144311449

@@ -11450,12 +11456,12 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
1145011456
#ifdef WOLFSSL_EARLY_DATA
1145111457
if (ssl->earlyData != no_early_data) {
1145211458
if ((ret = DeriveTls13Keys(ssl, no_key, DECRYPT_SIDE_ONLY, 1)) != 0)
11453-
return ret;
11459+
goto cleanup;
1145411460
}
1145511461
#endif
1145611462
/* Setup keys for application data messages from client. */
1145711463
if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
11458-
return ret;
11464+
goto cleanup;
1145911465
}
1146011466
#endif
1146111467

@@ -11486,10 +11492,13 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
1148611492
}
1148711493
#endif /* WOLFSSL_QUIC && WOLFSSL_EARLY_DATA */
1148811494

11489-
WOLFSSL_LEAVE("DoTls13Finished", 0);
11495+
ret = 0;
11496+
cleanup:
11497+
ForceZero(mac, sizeof(mac));
11498+
WOLFSSL_LEAVE("DoTls13Finished", ret);
1149011499
WOLFSSL_END(WC_FUNC_FINISHED_DO);
1149111500

11492-
return 0;
11501+
return ret;
1149311502
}
1149411503

1149511504
#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)

0 commit comments

Comments
 (0)