
Commit ed0976a

committed
ForceZero binderKey and binder buffers in DoPreSharedKeys F-1463
1 parent b72a213 commit ed0976a

1 file changed

Lines changed: 28 additions & 18 deletions


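--- a/src/tls13.c
+++ b/src/tls13.c
@@ -6144,15 +6144,17 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
 ext = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
 if (ext == NULL) {
 WOLFSSL_MSG("No pre shared extension keys found");
-return BAD_FUNC_ARG;
+ret = BAD_FUNC_ARG;
+goto cleanup;
 }
 
 /* Look through all client's pre-shared keys for a match. */
 for (current = (PreSharedKey*)ext->data; current != NULL;
 current = current->next) {
 #ifndef NO_PSK
 if (current->identityLen > MAX_PSK_ID_LEN) {
-return BUFFER_ERROR;
+ret = BUFFER_ERROR;
+goto cleanup;
 }
 XMEMCPY(ssl->arrays->client_identity, current->identity,
 current->identityLen);
@@ -6179,7 +6181,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
 
 #ifdef WOLFSSL_ASYNC_CRYPT
 if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
-return ret;
+goto cleanup;
 #endif
 
 if (ret != WOLFSSL_TICKET_RET_OK && current->sess_free_cb != NULL) {
@@ -6214,45 +6216,45 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
 ssl->options.cipherSuite = ssl->session->cipherSuite;
 ret = SetCipherSpecs(ssl);
 if (ret != 0)
-return ret;
+goto cleanup;
 
 /* Resumption PSK is resumption master secret. */
 ssl->arrays->psk_keySz = ssl->specs.hash_size;
 if ((ret = DeriveResumptionPSK(ssl, ssl->session->ticketNonce.data,
 ssl->session->ticketNonce.len, ssl->arrays->psk_key)) != 0) {
-return ret;
+goto cleanup;
 }
 
 /* Derive the early secret using the PSK. */
 ret = DeriveEarlySecret(ssl);
 if (ret != 0)
-return ret;
+goto cleanup;
 
 /* Hash data up to binders for deriving binders in PSK extension. */
 ret = HashInput(ssl, input, (int)inputSz);
 if (ret < 0)
-return ret;
+goto cleanup;
 
 /* Derive the binder key to use with HMAC. */
 ret = DeriveBinderKeyResume(ssl, binderKey);
 if (ret != 0)
-return ret;
+goto cleanup;
 }
 else
 #endif /* HAVE_SESSION_TICKET */
 #ifndef NO_PSK
 if (FindPsk(ssl, current, suite, &ret)) {
 if (ret != 0)
-return ret;
+goto cleanup;
 
 ret = HashInput(ssl, input, (int)inputSz);
 if (ret < 0)
-return ret;
+goto cleanup;
 
 /* Derive the binder key to use with HMAC. */
 ret = DeriveBinderKey(ssl, binderKey);
 if (ret != 0)
-return ret;
+goto cleanup;
 }
 else
 #endif
@@ -6267,18 +6269,19 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
 ssl->keys.client_write_MAC_secret,
 0 /* neither end */);
 if (ret != 0)
-return ret;
+goto cleanup;
 
 /* Derive the binder and compare with the one in the extension. */
 ret = BuildTls13HandshakeHmac(ssl,
 ssl->keys.client_write_MAC_secret, binder, &binderLen);
 if (ret != 0)
-return ret;
+goto cleanup;
 if (binderLen != current->binderLen ||
 ConstantCompare(binder, current->binder,
 binderLen) != 0) {
 WOLFSSL_ERROR_VERBOSE(BAD_BINDER);
-return BAD_BINDER;
+ret = BAD_BINDER;
+goto cleanup;
 }
 
 /* This PSK works, no need to try any more. */
@@ -6290,19 +6293,26 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
 if (current == NULL) {
 #ifdef WOLFSSL_PSK_ID_PROTECTION
 #ifndef NO_CERTS
-if (ssl->buffers.certChainCnt != 0)
-return 0;
+if (ssl->buffers.certChainCnt != 0) {
+ret = 0;
+goto cleanup;
+}
 #endif
 WOLFSSL_ERROR_VERBOSE(BAD_BINDER);
-return BAD_BINDER;
+ret = BAD_BINDER;
+goto cleanup;
 #else
-return 0;
+ret = 0;
+goto cleanup;
 #endif
 }
 
 *first = (current == ext->data);
 *usingPSK = 1;
 
+cleanup:
+ForceZero(binderKey, sizeof(binderKey));
+ForceZero(binder, sizeof(binder));
 WOLFSSL_LEAVE("DoPreSharedKeys", ret);
 
 return ret;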
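Review bot: The new `cleanup:` label clears only the stack copies `binderKey` and `binder`, but the HMAC key passed to `BuildTls13HandshakeHmac(ssl, ssl->keys.client_write_MAC_secret, binder, &binderLen)` is stored in the ssl object and is left in place on the `BAD_BINDER` and other error exits. Whether later code overwrites or frees that buffer is not visible here; if it does not, the failure path could wipe it as well, e.g. `if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PENDING_E)) ForceZero(ssl->keys.client_write_MAC_secret, sizeof(ssl->keys.client_write_MAC_secret));`, assuming that member is an array. `sizeof(binderKey)` and `sizeof(binder)` cover the whole buffer only while both are declared as arrays, and their declarations are outside the hunks, so a comment at the label such as `/* binderKey and binder are stack arrays; sizeof covers the full buffer */` would guard against a later move to heap allocation. DoPreSharedKeys starts before the first hunk and its closing brace is after the last one.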
