From bae9e74d39dc759d1b64455a26792311cdfb70de Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 13 Dec 2022 14:58:45 +0800 Subject: [PATCH] Enhancement: change tls13_early_secrets to local variable Since tls13_early_secrets is only temperately used in the function, there is no need to keep it in the handshake context. Signed-off-by: Yanray Wang --- library/ssl_misc.h | 1 - library/ssl_tls13_keys.c | 12 ++++++------ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 16eccfc9eb..7b727949a2 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -986,7 +986,6 @@ struct mbedtls_ssl_handshake_params { mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets; #if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_tls13_early_secrets tls13_early_secrets; /** TLS 1.3 transform for early data and handshake messages. */ mbedtls_ssl_transform *transform_earlydata; #endif diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index ecfdab318d..fc3dc0f261 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1113,7 +1113,7 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl, mbedtls_ssl_handshake_params *handshake = ssl->handshake; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info; - mbedtls_ssl_tls13_early_secrets *tls13_early_secrets = &handshake->tls13_early_secrets; + mbedtls_ssl_tls13_early_secrets tls13_early_secrets; MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_generate_early_key")); @@ -1141,7 +1141,7 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl, ret = mbedtls_ssl_tls13_derive_early_secrets( hash_alg, handshake->tls13_master_secrets.early, - transcript, transcript_len, tls13_early_secrets); + transcript, transcript_len, &tls13_early_secrets); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_derive_early_secrets", ret); @@ -1150,7 +1150,7 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 4, "Client early traffic secret", - tls13_early_secrets->client_early_traffic_secret, hash_len); + tls13_early_secrets.client_early_traffic_secret, hash_len); /* * Export client handshake traffic secret @@ -1159,7 +1159,7 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl, ssl->f_export_keys( ssl->p_export_keys, MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET, - tls13_early_secrets->client_early_traffic_secret, + tls13_early_secrets.client_early_traffic_secret, hash_len, handshake->randbytes, handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN, @@ -1168,7 +1168,7 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl, ret = ssl_tls13_make_traffic_key( hash_alg, - tls13_early_secrets->client_early_traffic_secret, + tls13_early_secrets.client_early_traffic_secret, hash_len, traffic_keys->client_write_key, key_len, traffic_keys->client_write_iv, iv_len); if (ret != 0) { @@ -1191,7 +1191,7 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl, cleanup: /* Erase secret and transcript */ mbedtls_platform_zeroize( - tls13_early_secrets, sizeof(mbedtls_ssl_tls13_early_secrets)); + &tls13_early_secrets, sizeof(mbedtls_ssl_tls13_early_secrets)); mbedtls_platform_zeroize(transcript, sizeof(transcript)); return ret; }