ForceZero mac buffer in DoTls13Finished before return F-1464

This commit is contained in:
Juliusz Sosinowicz
2026-04-03 10:01:49 +02:00
parent ed0976a821
commit 96b4e01b20
+27 -18
View File
@@ -11346,28 +11346,30 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ret = NO_PEER_CERT; /* NO_PEER_VERIFY */
WOLFSSL_MSG("TLS v1.3 client did not present peer cert");
DoCertFatalAlert(ssl, ret);
return ret;
goto cleanup;
}
}
#endif
/* check against totalSz */
if (*inOutIdx + size > totalSz)
return BUFFER_E;
if (*inOutIdx + size > totalSz) {
ret = BUFFER_E;
goto cleanup;
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_Tls13HandleFinished(ssl, input, inOutIdx, size, totalSz);
if (ret == 0) {
ssl->options.serverState = SERVER_FINISHED_COMPLETE;
return ret;
goto cleanup;
}
if (ret == WC_NO_ERR_TRACE(VERIFY_FINISHED_ERROR)) {
SendAlert(ssl, alert_fatal, decrypt_error);
return ret;
goto cleanup;
}
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
/* other errors */
return ret;
goto cleanup;
}
ret = 0;
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
@@ -11377,7 +11379,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->keys.client_write_MAC_secret,
WOLFSSL_CLIENT_END);
if (ret != 0)
return ret;
goto cleanup;
secret = ssl->keys.client_write_MAC_secret;
}
@@ -11389,13 +11391,13 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->keys.client_write_MAC_secret,
WOLFSSL_CLIENT_END);
if (ret != 0)
return ret;
goto cleanup;
ret = DeriveFinishedSecret(ssl, ssl->serverSecret,
ssl->keys.server_write_MAC_secret,
WOLFSSL_SERVER_END);
if (ret != 0)
return ret;
goto cleanup;
secret = ssl->keys.server_write_MAC_secret;
}
@@ -11408,7 +11410,8 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ret = BuildTls13HandshakeHmac(ssl, secret, mac, &finishedSz);
#ifdef WOLFSSL_HAVE_TLS_UNIQUE
if (finishedSz > TLS_FINISHED_SZ_MAX) {
return BUFFER_ERROR;
ret = BUFFER_ERROR;
goto cleanup;
}
if (ssl->options.side == WOLFSSL_CLIENT_END) {
XMEMCPY(ssl->serverFinished, mac, finishedSz);
@@ -11420,9 +11423,11 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
#endif /* WOLFSSL_HAVE_TLS_UNIQUE */
if (ret != 0)
return ret;
if (size != finishedSz)
return BUFFER_ERROR;
goto cleanup;
if (size != finishedSz) {
ret = BUFFER_ERROR;
goto cleanup;
}
}
#ifdef WOLFSSL_CALLBACKS
@@ -11437,7 +11442,8 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
WOLFSSL_MSG("Verify finished error on hashes");
SendAlert(ssl, alert_fatal, decrypt_error);
WOLFSSL_ERROR_VERBOSE(VERIFY_FINISHED_ERROR);
return VERIFY_FINISHED_ERROR;
ret = VERIFY_FINISHED_ERROR;
goto cleanup;
}
}
@@ -11450,12 +11456,12 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef WOLFSSL_EARLY_DATA
if (ssl->earlyData != no_early_data) {
if ((ret = DeriveTls13Keys(ssl, no_key, DECRYPT_SIDE_ONLY, 1)) != 0)
return ret;
goto cleanup;
}
#endif
/* Setup keys for application data messages from client. */
if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
return ret;
goto cleanup;
}
#endif
@@ -11486,10 +11492,13 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
#endif /* WOLFSSL_QUIC && WOLFSSL_EARLY_DATA */
WOLFSSL_LEAVE("DoTls13Finished", 0);
ret = 0;
cleanup:
ForceZero(mac, sizeof(mac));
WOLFSSL_LEAVE("DoTls13Finished", ret);
WOLFSSL_END(WC_FUNC_FINISHED_DO);
return 0;
return ret;
}
#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)