diff --git a/library/ssl_misc.h b/library/ssl_misc.h index ae6cbfab5b..3b0d61b35c 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -783,22 +783,6 @@ struct mbedtls_ssl_handshake_params #endif /* MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_SSL_SRV_C) - - /* Server, outgoing ClientKeyExchange */ - struct - { - uint8_t preparation_done; - } cli_key_exch_in; - - /* Server, outgoing ClientKeyExchange */ - struct - { - uint8_t preparation_done; - } encrypted_extensions_out; - -#endif /* MBEDTLS_SSL_SRV_C */ - /* Incoming CertificateVerify */ struct { @@ -1262,8 +1246,9 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); int mbedtls_ssl_read_certificate_process(mbedtls_ssl_context *ssl); int mbedtls_ssl_write_certificate_process(mbedtls_ssl_context *ssl); -int mbedtls_ssl_tls1_3_finished_in_process( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_tls1_3_finished_out_process( mbedtls_ssl_context *ssl ); + +int mbedtls_ssl_tls13_finished_in_process( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls13_finished_out_process( mbedtls_ssl_context *ssl ); int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index e36e28d9d7..2bde4a8252 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1605,9 +1605,7 @@ static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl ) */ static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) ); - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); - return( 0 ); + return ( mbedtls_ssl_tls13_finished_in_process( ssl ) ); } /* diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index c9bf78e6a7..87bc12ce24 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
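Review bot: The new body of `ssl_tls1_3_process_server_finished` in library/ssl_tls13_client.c no longer sets the next handshake state, which the removed stub did with `mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE )`. That transition now has to happen inside `mbedtls_ssl_tls13_finished_in_process()`, presumably in the client post-processing step, but that body is only partly visible in this diff, so it should be confirmed; without it the client would remain in the server-Finished state after a successful verification. The function's header comment starts outside the hunk and is the natural place to record that both the Finished verification and the state change are delegated to the generic routine. On style, the surrounding code writes `return( ... )` without a space, so the line would read `return( mbedtls_ssl_tls13_finished_in_process( ssl ) );`.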
@@ -852,11 +852,11 @@ cleanup: */ /* Main entry point: orchestrates the other functions */ -int mbedtls_ssl_tls1_3_finished_in_process( mbedtls_ssl_context* ssl ); +int mbedtls_ssl_tls13_finished_in_process( mbedtls_ssl_context* ssl ); -static int ssl_finished_in_preprocess( mbedtls_ssl_context* ssl ); -static int ssl_finished_in_postprocess( mbedtls_ssl_context* ssl ); -static int ssl_finished_in_parse( mbedtls_ssl_context* ssl, +static int ssl_tls13_finished_in_preprocess( mbedtls_ssl_context* ssl ); +static int ssl_tls13_finished_in_postprocess( mbedtls_ssl_context* ssl ); +static int ssl_tls13_finished_in_parse( mbedtls_ssl_context* ssl, const unsigned char* buf, size_t buflen ); @@ -864,7 +864,7 @@ static int ssl_finished_in_parse( mbedtls_ssl_context* ssl, * Implementation */ -int mbedtls_ssl_tls1_3_finished_in_process( mbedtls_ssl_context* ssl ) +int mbedtls_ssl_tls13_finished_in_process( mbedtls_ssl_context* ssl ) { int ret = 0; unsigned char *buf; @@ -873,15 +873,15 @@ int mbedtls_ssl_tls1_3_finished_in_process( mbedtls_ssl_context* ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); /* Preprocessing step: Compute handshake digest */ - MBEDTLS_SSL_PROC_CHK( ssl_finished_in_preprocess( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finished_in_preprocess( ssl ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl, MBEDTLS_SSL_HS_FINISHED, &buf, &buflen ) ); - MBEDTLS_SSL_PROC_CHK( ssl_finished_in_parse( ssl, buf, buflen ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finished_in_parse( ssl, buf, buflen ) ); mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED, buf, buflen ); - MBEDTLS_SSL_PROC_CHK( ssl_finished_in_postprocess( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finished_in_postprocess( ssl ) ); cleanup: @@ -889,7 +889,7 @@ cleanup: return( ret ); } -static int ssl_finished_in_preprocess( mbedtls_ssl_context* ssl ) +static int ssl_tls13_finished_in_preprocess( mbedtls_ssl_context* ssl ) { int ret; 
@@ -907,7 +907,7 @@ static int ssl_finished_in_preprocess( mbedtls_ssl_context* ssl ) return( 0 ); } -static int ssl_finished_in_parse( mbedtls_ssl_context* ssl, +static int ssl_tls13_finished_in_parse( mbedtls_ssl_context* ssl, const unsigned char* buf, size_t buflen ) { @@ -941,17 +941,17 @@ static int ssl_finished_in_parse( mbedtls_ssl_context* ssl, return( 0 ); } -static int ssl_finished_in_postprocess_cli( mbedtls_ssl_context *ssl ) +static int ssl_tls13_finished_in_postprocess_cli( mbedtls_ssl_context *ssl ) { int ret = 0; mbedtls_ssl_key_set traffic_keys; mbedtls_ssl_transform *transform_application; - ret = mbedtls_ssl_tls1_3_key_schedule_stage_application( ssl ); + ret = mbedtls_ssl_tls13_key_schedule_stage_application( ssl ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, - "mbedtls_ssl_tls1_3_key_schedule_stage_application", ret ); + "mbedtls_ssl_tls13_key_schedule_stage_application", ret ); return( ret ); } @@ -987,12 +987,12 @@ static int ssl_finished_in_postprocess_cli( mbedtls_ssl_context *ssl ) return( 0 ); } -static int ssl_finished_in_postprocess( mbedtls_ssl_context* ssl ) +static int ssl_tls13_finished_in_postprocess( mbedtls_ssl_context* ssl ) { if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) { - return( ssl_finished_in_postprocess_cli( ssl ) ); + return( ssl_tls13_finished_in_postprocess_cli( ssl ) ); } return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 010d6352da..ddbeb626ea 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -564,7 +564,7 @@ int mbedtls_ssl_tls1_3_derive_resumption_master_secret( return( 0 ); } -int mbedtls_ssl_tls1_3_key_schedule_stage_application( +int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl ) { int ret = 0; 
@@ -577,7 +577,6 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_application( /* * Compute MasterSecret */ - ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, ssl->handshake->tls1_3_master_secrets.handshake, NULL, 0, @@ -687,7 +686,6 @@ int mbedtls_ssl_tls1_3_calc_finished( mbedtls_ssl_context* ssl, *actual_len = md_size; MBEDTLS_SSL_DEBUG_BUF( 3, "verify_data for finished message", dst, md_size ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls1_3_calc_finished" ) ); return( 0 ); } @@ -1152,7 +1150,7 @@ int mbedtls_ssl_tls1_3_generate_application_keys( transcript, sizeof( transcript ), &transcript_len ); if( ret != 0 ) - return( ret ); + goto cleanup; /* Compute application secrets from master secret and transcript hash. */ @@ -1164,7 +1162,7 @@ int mbedtls_ssl_tls1_3_generate_application_keys( { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_application_secrets", ret ); - return( ret ); + goto cleanup; } /* Derive first epoch of IV + Key for application traffic. */ @@ -1176,7 +1174,7 @@ int mbedtls_ssl_tls1_3_generate_application_keys( if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret ); - return( ret ); + goto cleanup; } MBEDTLS_SSL_DEBUG_BUF( 4, "Client application traffic secret", 
@@ -1219,7 +1217,19 @@ int mbedtls_ssl_tls1_3_generate_application_keys( traffic_keys->server_write_iv, ivlen ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive application traffic keys" ) ); - return( 0 ); + + cleanup: + + mbedtls_platform_zeroize( transcript, sizeof(transcript) ); + mbedtls_platform_zeroize( traffic_keys->client_write_key, + sizeof(traffic_keys->client_write_key) ); + mbedtls_platform_zeroize( traffic_keys->server_write_key, + sizeof(traffic_keys->server_write_key) ); + mbedtls_platform_zeroize( traffic_keys->client_write_iv, + sizeof(traffic_keys->client_write_iv) ); + mbedtls_platform_zeroize( traffic_keys->server_write_iv, + sizeof(traffic_keys->server_write_iv) ); + return( ret ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 78bfc2a3d6..31a5029b42 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -586,7 +586,7 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, * \returns \c 0 on success. * \returns A negative error code on failure. */ -int mbedtls_ssl_tls1_3_key_schedule_stage_application( +int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl ); /** @@ -594,7 +594,7 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_application( * * \param ssl The SSL context to operate on. This must be in * key schedule stage \c Application, see - * mbedtls_ssl_tls1_3_key_schedule_stage_application(). + * mbedtls_ssl_tls13_key_schedule_stage_application(). * \param traffic_keys The address at which to store the application traffic key * keys. This must be writable but may be uninitialized. * 
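Review bot: The `cleanup:` label added at the end of `mbedtls_ssl_tls1_3_generate_application_keys` is also reached on the success path, because the `return( 0 );` that preceded it was removed. The four `mbedtls_platform_zeroize()` calls on `traffic_keys->client_write_key`, `server_write_key`, `client_write_iv` and `server_write_iv` therefore wipe the keys and IVs the function has just derived for its caller. The hunk shows no guard, so the output wipes should run only on failure, for example by wrapping those four calls in `if( ret != 0 ) { ... }`. Wiping the local `transcript` buffer unconditionally is right. The three `return( ret )` to `goto cleanup` conversions in the earlier hunks of this file are the failure paths that are meant to land here; the function body starts outside this hunk. As a minor point, `sizeof(transcript)` departs from the `sizeof( transcript )` spacing used in the context lines.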
@@ -609,7 +609,7 @@ int mbedtls_ssl_tls1_3_generate_application_keys( * * \param ssl The SSL context to operate on. This must be in * key schedule stage \c Handshake, see - * mbedtls_ssl_tls1_3_key_schedule_stage_application(). + * mbedtls_ssl_tls13_key_schedule_stage_application(). * \param dst The address at which to write the Finished content. * \param dst_len The size of \p dst in bytes. * \param actual_len The address at which to store the amount of data