yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-10-26 11:37:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

PKCS#1v1.5 signature: better cleanup of temporary values

Browse source 
Zeroize temporary buffers used to sanity-check the signature.

If there is an error, overwrite the tentative signature in the output
buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-12-13 12:37:55 +01:00
parent f91b2e5a97
commit 8c99a760d5
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
library/rsa.c
View file

@ -1942,9 +1942,13 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
memcpy( sig, sig_try, ctx->len );
cleanup:
mbedtls_platform_zeroize( sig_try, ctx->len );
mbedtls_platform_zeroize( verif, ctx->len );
mbedtls_free( sig_try );
mbedtls_free( verif );
if( ret != 0 )
memset( sig, '!', ctx->len );
return( ret );
}
#endif /* MBEDTLS_PKCS1_V15 */