diff --git a/src/tls13.c b/src/tls13.c index 1e468c2d13..7ff2924ea2 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -11346,28 +11346,30 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ret = NO_PEER_CERT; /* NO_PEER_VERIFY */ WOLFSSL_MSG("TLS v1.3 client did not present peer cert"); DoCertFatalAlert(ssl, ret); - return ret; + goto cleanup; } } #endif /* check against totalSz */ - if (*inOutIdx + size > totalSz) - return BUFFER_E; + if (*inOutIdx + size > totalSz) { + ret = BUFFER_E; + goto cleanup; + } #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_Tls13HandleFinished(ssl, input, inOutIdx, size, totalSz); if (ret == 0) { ssl->options.serverState = SERVER_FINISHED_COMPLETE; - return ret; + goto cleanup; } if (ret == WC_NO_ERR_TRACE(VERIFY_FINISHED_ERROR)) { SendAlert(ssl, alert_fatal, decrypt_error); - return ret; + goto cleanup; } if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { /* other errors */ - return ret; + goto cleanup; } ret = 0; #endif /* WOLFSSL_RENESAS_TSIP_TLS */ @@ -11377,7 +11379,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->keys.client_write_MAC_secret, WOLFSSL_CLIENT_END); if (ret != 0) - return ret; + goto cleanup; secret = ssl->keys.client_write_MAC_secret; } @@ -11389,13 +11391,13 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->keys.client_write_MAC_secret, WOLFSSL_CLIENT_END); if (ret != 0) - return ret; + goto cleanup; ret = DeriveFinishedSecret(ssl, ssl->serverSecret, ssl->keys.server_write_MAC_secret, WOLFSSL_SERVER_END); if (ret != 0) - return ret; + goto cleanup; secret = ssl->keys.server_write_MAC_secret; } @@ -11408,7 +11410,8 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ret = BuildTls13HandshakeHmac(ssl, secret, mac, &finishedSz); #ifdef WOLFSSL_HAVE_TLS_UNIQUE if (finishedSz > TLS_FINISHED_SZ_MAX) { - return BUFFER_ERROR; + ret = BUFFER_ERROR; + goto cleanup; } if (ssl->options.side == WOLFSSL_CLIENT_END) { XMEMCPY(ssl->serverFinished, mac, finishedSz); @@ -11420,9 +11423,11 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif /* WOLFSSL_HAVE_TLS_UNIQUE */ if (ret != 0) - return ret; - if (size != finishedSz) - return BUFFER_ERROR; + goto cleanup; + if (size != finishedSz) { + ret = BUFFER_ERROR; + goto cleanup; + } } #ifdef WOLFSSL_CALLBACKS @@ -11437,7 +11442,8 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_MSG("Verify finished error on hashes"); SendAlert(ssl, alert_fatal, decrypt_error); WOLFSSL_ERROR_VERBOSE(VERIFY_FINISHED_ERROR); - return VERIFY_FINISHED_ERROR; + ret = VERIFY_FINISHED_ERROR; + goto cleanup; } } @@ -11450,12 +11456,12 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef WOLFSSL_EARLY_DATA if (ssl->earlyData != no_early_data) { if ((ret = DeriveTls13Keys(ssl, no_key, DECRYPT_SIDE_ONLY, 1)) != 0) - return ret; + goto cleanup; } #endif /* Setup keys for application data messages from client. */ if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0) - return ret; + goto cleanup; } #endif @@ -11486,10 +11492,13 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif /* WOLFSSL_QUIC && WOLFSSL_EARLY_DATA */ - WOLFSSL_LEAVE("DoTls13Finished", 0); + ret = 0; +cleanup: + ForceZero(mac, sizeof(mac)); + WOLFSSL_LEAVE("DoTls13Finished", ret); WOLFSSL_END(WC_FUNC_FINISHED_DO); - return 0; + return ret; } #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)