ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-17 12:21:47 +08:00
Code Issues Releases Wiki Activity

psa: zeroize static key buffer content when key slot is freed

Browse Source 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti 2024-08-16 12:52:19 +02:00
parent 9e154debfb
commit dbfb2ab4ea
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
library/psa_crypto.c
View File

@ -1183,7 +1183,11 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy(
psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot) psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot)
{ {
#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) #if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
if (slot->key.bytes > 0) {
mbedtls_platform_zeroize(slot->key.data, MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE);
}
#else
if (slot->key.data != NULL) { if (slot->key.data != NULL) {
mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes); mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes);
} }