Dynamically allocate A(i) + seed buffer for TLS-1.2 PRF

This commit is contained in:
Hanno Becker 2018-11-13 20:50:45 +00:00
parent 24658c4ba1
commit 580fba1431
2 changed files with 23 additions and 6 deletions

View File

@ -154,8 +154,8 @@ typedef struct psa_tls12_prf_generator_s
size_t key_len;
/* `A(i) + seed` in the notation of RFC 5246, Sect. 5 */
uint8_t Ai_with_seed[PSA_HASH_MAX_SIZE + 64];
size_t seed_length;
uint8_t *Ai_with_seed;
size_t Ai_with_seed_len;
/* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
uint8_t output_block[PSA_HASH_MAX_SIZE];

View File

@ -3272,6 +3272,13 @@ psa_status_t psa_generator_abort( psa_crypto_generator_t *generator )
generator->ctx.tls12_prf.key_len );
mbedtls_free( generator->ctx.tls12_prf.key );
}
if( generator->ctx.tls12_prf.Ai_with_seed != NULL )
{
mbedtls_zeroize( generator->ctx.tls12_prf.Ai_with_seed,
generator->ctx.tls12_prf.Ai_with_seed_len );
mbedtls_free( generator->ctx.tls12_prf.Ai_with_seed );
}
}
else
#endif /* MBEDTLS_MD_C */
@ -3420,7 +3427,7 @@ static psa_status_t psa_generator_tls12_prf_generate_next_block(
/* This omits the (so far undefined)
* first hash_length bytes. */
tls12_prf->Ai_with_seed + hash_length,
tls12_prf->seed_length );
tls12_prf->Ai_with_seed_len - hash_length );
if( status != PSA_SUCCESS )
goto cleanup;
status = psa_hmac_finish_internal( &hmac,
@ -3463,7 +3470,7 @@ static psa_status_t psa_generator_tls12_prf_generate_next_block(
status = psa_hash_update( &hmac.hash_ctx,
tls12_prf->Ai_with_seed,
hash_length + tls12_prf->seed_length );
tls12_prf->Ai_with_seed_len );
if( status != PSA_SUCCESS )
goto cleanup;
@ -3694,6 +3701,8 @@ static psa_status_t psa_generator_tls12_prf_setup(
size_t label_length )
{
uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
size_t Ai_with_seed_len = hash_length + salt_length + label_length;
int overflow;
tls12_prf->key = mbedtls_calloc( 1, key_len );
if( tls12_prf->key == NULL )
@ -3701,14 +3710,22 @@ static psa_status_t psa_generator_tls12_prf_setup(
tls12_prf->key_len = key_len;
memcpy( tls12_prf->key, key, key_len );
overflow = ( salt_length + label_length < salt_length ) ||
( salt_length + label_length + hash_length < hash_length );
if( overflow )
return( PSA_ERROR_INVALID_ARGUMENT );
tls12_prf->Ai_with_seed = mbedtls_calloc( 1, Ai_with_seed_len );
if( tls12_prf->Ai_with_seed == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
tls12_prf->Ai_with_seed_len = Ai_with_seed_len;
/* Write `label + seed' at the end of the `A(i) + seed` buffer,
* leaving the initial `hash_length` bytes unspecified for now. */
memcpy( tls12_prf->Ai_with_seed + hash_length, label, label_length );
memcpy( tls12_prf->Ai_with_seed + hash_length + label_length,
salt, salt_length );
tls12_prf->seed_length = label_length + salt_length;
/* The first block gets generated when
* psa_generator_read() is called. */
tls12_prf->block_number = 0;