yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-23 12:01:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream-restricted/pr/401' into mbedtls-2.1-restricted

Browse source
This commit is contained in:
Gilles Peskine 2017-11-28 14:24:15 +01:00
parent 336b7de48a 070c809c79
commit 5a8fe053d8
2 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ChangeLog
View file

@ -21,6 +21,8 @@ Security
* Tighten should-be-constant-time memcmp against compiler optimizations. * Tighten should-be-constant-time memcmp against compiler optimizations.
* Ensure that buffers are cleared after use if they contain sensitive data. * Ensure that buffers are cleared after use if they contain sensitive data.
Changes were introduced in multiple places in the library. Changes were introduced in multiple places in the library.
* Set PEM buffer to zero before freeing it, to avoid decoded private keys
being leaked to memory after release.
Bugfix Bugfix
* Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were

2
library/pem.c
View file

@ -391,6 +391,8 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
void mbedtls_pem_free( mbedtls_pem_context *ctx ) void mbedtls_pem_free( mbedtls_pem_context *ctx )
{ {
if( ctx->buf != NULL )
mbedtls_zeroize( ctx->buf, ctx->buflen );
mbedtls_free( ctx->buf ); mbedtls_free( ctx->buf );
mbedtls_free( ctx->info ); mbedtls_free( ctx->info );