mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 09:35:39 +00:00
psa_key_agreement_ecdh: zeroize output on failure
If psa_key_agreement_ecdh fails, there may be output that leaks sensitive information in the output buffer. Zeroize it. If this is due to an underlying failure in the ECDH implementation, it is currently not an issue since both the traditional Mbed TLS/Crypto implementation and Everest only write to the output buffer once every intermediate step has succeeded, but zeroizing is more robust. If this is because the recently added key size check fails, a leak could be a serious issue.
This commit is contained in:
parent
7cfcb3fc03
commit
3e819b7d69
|
@ -5343,6 +5343,8 @@ static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key,
|
|||
status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
exit:
|
||||
if( status != PSA_SUCCESS )
|
||||
mbedtls_platform_zeroize( shared_secret, shared_secret_size );
|
||||
mbedtls_ecdh_free( &ecdh );
|
||||
mbedtls_ecp_keypair_free( their_key );
|
||||
mbedtls_free( their_key );
|
||||
|
|
Loading…
Reference in a new issue