Skip to content

Commit

Permalink
Add buffer zeroization when ecp_write_key fails
Browse files Browse the repository at this point in the history 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
  • Loading branch information
@stevew817
stevew817 committed Aug 5, 2020
1 parent 1df8116 commit 1fde476
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions library/psa_crypto.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -863,9 +863,9 @@ static psa_status_t psa_export_ecp_key( psa_key_type_t type,
data,
PSA_BITS_TO_BYTES( ecp->grp.nbits ) ) );
if( status == PSA_SUCCESS )
{
*data_length = PSA_BITS_TO_BYTES( ecp->grp.nbits );
}
else
memset( data, 0, data_size );

return( status );
}
Expand Down Expand Up @@ -5972,8 +5972,10 @@ static psa_status_t psa_generate_key_internal(
mbedtls_ecp_write_key( &ecp, slot->data.key.data, bytes ) );

mbedtls_ecp_keypair_free( &ecp );
if( status != PSA_SUCCESS )
if( status != PSA_SUCCESS ) {
memset( slot->data.key.data, 0, bytes );
psa_remove_key_data_from_memory( slot );
}
return( status );
}
else
Expand Down

0 comments on commit 1fde476

Please sign in to comment.