From 6a1d262803c4808791e082c56116bc709555b2ea Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 11 Jun 2019 10:37:28 +0100 Subject: [PATCH] Adapt psa_key_derivation_abort to the new context --- library/psa_crypto.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f4e94bf2f..6d3260bf8 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3881,11 +3881,11 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation mbedtls_free( operation->ctx.hkdf.info ); status = psa_hmac_abort_internal( &operation->ctx.hkdf.hmac ); } -#if defined(PSA_PRE_1_0_KEY_DERIVATION) else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */ PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { +#if defined(PSA_PRE_1_0_KEY_DERIVATION) if( operation->ctx.tls12_prf.key != NULL ) { mbedtls_platform_zeroize( operation->ctx.tls12_prf.key, @@ -3899,8 +3899,27 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation operation->ctx.tls12_prf.Ai_with_seed_len ); mbedtls_free( operation->ctx.tls12_prf.Ai_with_seed ); } - } +#else + if( operation->ctx.tls12_prf.seed != NULL ) + { + mbedtls_platform_zeroize( operation->ctx.tls12_prf.seed, + operation->ctx.tls12_prf.seed_length ); + mbedtls_free( operation->ctx.tls12_prf.seed ); + } + + if( operation->ctx.tls12_prf.label != NULL ) + { + mbedtls_platform_zeroize( operation->ctx.tls12_prf.label, + operation->ctx.tls12_prf.label_length ); + mbedtls_free( operation->ctx.tls12_prf.label ); + } + + status = psa_hmac_abort_internal( &operation->ctx.tls12_prf.hmac ); + + /* We leave the fields Ai and output_block to be erased safely by the + * mbedtls_platform_zeroize() in the end of this function. */ #endif /* PSA_PRE_1_0_KEY_DERIVATION */ + } else #endif /* MBEDTLS_MD_C */ {