AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Zeroize hkdf_label buffer

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2022-06-23 09:22:49 +02:00
parent 38ab400dc4
commit 1b0ebdf363
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
library/ssl_tls13_keys.c
View File

@ -145,7 +145,7 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
unsigned char *buf, size_t buf_len )
{
unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ];
size_t hkdf_label_len;
size_t hkdf_label_len = 0;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_derivation_operation_t operation =
@ -211,6 +211,7 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
cleanup:
abort_status = psa_key_derivation_abort( &operation );
status = ( status == PSA_SUCCESS ? abort_status : status );
mbedtls_platform_zeroize( hkdf_label, hkdf_label_len );
return( psa_ssl_status_to_mbedtls ( status ) );
}