ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-13 02:14:40 +08:00
Code Issues Releases Wiki Activity

Zeroize temporary heap buffers used when deriving an ECC key

Browse Source 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2025-03-06 12:42:30 +01:00
parent e847afd9ef
commit 184cac1eb6
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog.d/psa-zeroize.txt
View File

@ -1,2 +1,4 @@
Security
* Zeroize a temporary heap buffer used in psa_key_derivation_output_key()
when deriving an ECC key pair.
* Zeroize temporary heap buffers used in PSA operations.

4
library/psa_crypto.c
View File

@ -6389,7 +6389,7 @@ cleanup:
status = mbedtls_to_psa_error(ret);
}
if (status != PSA_SUCCESS) {
mbedtls_free(*data);
mbedtls_zeroize_and_free(*data, m_bytes);
*data = NULL;
}
mbedtls_mpi_free(&k);
@ -6564,7 +6564,7 @@ static psa_status_t psa_generate_derived_key_internal(
}
exit:
mbedtls_free(data);
mbedtls_zeroize_and_free(data, bytes);
return status;
}