tls13: keys: Do not use handshake->premaster

`handshake->premaster` was used to store the (EC)DHE shared secret but in TLS 1.3 there is no need to store it in a context. Futhermore, `handshake->premaster` and more specifically its sizing is TLS 1.2 specific thus better to not use it in TLS 1.3. Allocate a buffer to store the shared secret instead. Allocation instead of a stack buffer as the maintenance of the size of such buffer is harder (new elliptic curve for ECDHE, support for FFDHE ... ). Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-07-28 00:21:48 +03:00 · 2022-10-05 17:20:21 +02:00
parent 4c7edb2b9b
commit 3b056202d3
2 changed files with 30 additions and 12 deletions
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -600,8 +600,6 @@ struct mbedtls_ssl_handshake_params
    size_t ecrs_n;                      /*!< place for saving a length      */
 #endif

-    size_t pmslen;                      /*!<  premaster length        */
-
    mbedtls_ssl_ciphersuite_t const *ciphersuite_info;

    void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
@ -853,8 +851,11 @@ struct mbedtls_ssl_handshake_params
    unsigned char randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN +
                            MBEDTLS_SERVER_HELLO_RANDOM_LEN];
                                        /*!<  random bytes            */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
    unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
                                        /*!<  premaster secret        */
+    size_t pmslen;                      /*!<  premaster length        */
+#endif

 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
    int extensions_present;             /*!< extension presence; Each bitfield