Use plain memset() for session ID and Hello.Random

Those are public values (transmitted in the clear over the wire).
This commit is contained in:
Manuel Pégourié-Gonnard 2019-10-04 10:17:27 +02:00
parent 6bf30be457
commit ee0c35fbf5

View File

@ -1215,12 +1215,12 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
p = buf + 6 + ciph_len; p = buf + 6 + ciph_len;
ssl->session_negotiate->id_len = sess_len; ssl->session_negotiate->id_len = sess_len;
mbedtls_platform_memset( ssl->session_negotiate->id, 0, memset( ssl->session_negotiate->id, 0,
sizeof( ssl->session_negotiate->id ) ); sizeof( ssl->session_negotiate->id ) );
memcpy( ssl->session_negotiate->id, p, ssl->session_negotiate->id_len ); memcpy( ssl->session_negotiate->id, p, ssl->session_negotiate->id_len );
p += sess_len; p += sess_len;
mbedtls_platform_memset( ssl->handshake->randbytes, 0, 64 ); memset( ssl->handshake->randbytes, 0, 64 );
memcpy( ssl->handshake->randbytes + 32 - chal_len, p, chal_len ); memcpy( ssl->handshake->randbytes + 32 - chal_len, p, chal_len );
/* /*
@ -1735,7 +1735,7 @@ read_record_header:
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 35, sess_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 35, sess_len );
ssl->session_negotiate->id_len = sess_len; ssl->session_negotiate->id_len = sess_len;
mbedtls_platform_memset( ssl->session_negotiate->id, 0, memset( ssl->session_negotiate->id, 0,
sizeof( ssl->session_negotiate->id ) ); sizeof( ssl->session_negotiate->id ) );
memcpy( ssl->session_negotiate->id, buf + 35, memcpy( ssl->session_negotiate->id, buf + 35,
ssl->session_negotiate->id_len ); ssl->session_negotiate->id_len );
@ -2863,7 +2863,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
if( ssl->handshake->new_session_ticket != 0 ) if( ssl->handshake->new_session_ticket != 0 )
{ {
ssl->session_negotiate->id_len = n = 0; ssl->session_negotiate->id_len = n = 0;
mbedtls_platform_memset( ssl->session_negotiate->id, 0, 32 ); memset( ssl->session_negotiate->id, 0, 32 );
} }
else else
#endif /* MBEDTLS_SSL_SESSION_TICKETS */ #endif /* MBEDTLS_SSL_SESSION_TICKETS */