eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Zeroize internal buffers and variables in PKCS and SHA

Browse source 
Zeroising of local buffers and variables which are used for calculations in
mbedtls_pkcs5_pbkdf2_hmac() and mbedtls_internal_sha*_process() functions
to erase sensitive data from memory.
Checked all function for possible missing zeroisation in PKCS and SHA.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
This commit is contained in:
gabor-mezei-arm 2020-07-30 16:41:25 +02:00
parent 8ed8694199
commit 76749aea78
No known key found for this signature in database
GPG key ID: 106F5A41ECC305BD
5 changed files with 30 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
library/sha256.c
View file

@ -253,6 +253,12 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
for( i = 0; i < 8; i++ )
ctx->state[i] += A[i];
/* Zeroise buffers and variables to clear sensitive data from memory. */
mbedtls_platform_zeroize( &A, sizeof( A ) );
mbedtls_platform_zeroize( &W, sizeof( W ) );
mbedtls_platform_zeroize( &temp1, sizeof( temp1 ) );
mbedtls_platform_zeroize( &temp2, sizeof( temp2 ) );
return( 0 );
}