mbedtls_ssl_cookie_check: zeroize expected cookie on cookie mismatch
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 04565e0..9e21368 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -250,15 +250,18 @@
#if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR +
+ ret = ( MBEDTLS_ERR_SSL_INTERNAL_ERROR +
MBEDTLS_ERR_THREADING_MUTEX_ERROR );
#endif
if( ret != 0 )
- return( ret );
+ goto exit;
if( mbedtls_ssl_safer_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
- return( -1 );
+ {
+ ret = -1;
+ goto exit;
+ }
#if defined(MBEDTLS_HAVE_TIME)
cur_time = (unsigned long) mbedtls_time( NULL );
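Review bot: The mutex-unlock failure path now reaches `exit` only by falling through to the `if( ret != 0 )` check after the `#endif`, and that coupling is easy to break if a statement is later inserted between the two. Consider making the jump explicit by bracing the assignment and adding `goto exit;` after it, or at least adding a comment such as `/* non-zero ret is caught by the check below and routed to exit */`. Either keeps the wipe of `ref_hmac` guaranteed on this error path. The function body starts before this hunk, so any earlier `return` statements are not visible here; presumably they run before `ref_hmac` is filled, but that is worth confirming.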
@@ -272,8 +275,13 @@
( (unsigned long) cookie[3] );
if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout )
- return( -1 );
+ {
+ ret = -1;
+ goto exit;
+ }
- return( 0 );
+exit:
+ mbedtls_platform_zeroize( ref_hmac, sizeof( ref_hmac ) );
+ return( ret );
}
#endif /* MBEDTLS_SSL_COOKIE_C */
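Review bot: The success path changed from a literal `return( 0 )` to `return( ret )`, so the success value now depends on `ret` still being 0 when control reaches `exit:`. That holds through the earlier `if( ret != 0 ) goto exit;` check only as long as nothing in between assigns `ret`, and the lines between the two hunks are not shown. A comment at the label would record both the invariant and the intent, for example `/* ret == 0 on success; wipe the expected HMAC on every path, not only on mismatch */`. The commit title mentions only the mismatch case, while the cleanup also covers the timeout and success paths, which is the desirable behaviour and worth stating in the code.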