yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-22 15:25:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

PSA hash verification: zeroize expected hash on hash mismatch

Browse source 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-12-13 12:33:18 +01:00
parent dc269bbd08
commit b3f4e5b1e1
1 changed files with 11 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
library/psa_crypto.c
View file

@ -2249,6 +2249,7 @@ psa_status_t psa_hash_verify( psa_hash_operation_t *operation,
status = PSA_ERROR_INVALID_SIGNATURE;
exit:
mbedtls_platform_zeroize( actual_hash, sizeof( actual_hash ) );
if( status != PSA_SUCCESS )
psa_hash_abort(operation);
@ -2283,12 +2284,18 @@ psa_status_t psa_hash_compare( psa_algorithm_t alg,
actual_hash, sizeof(actual_hash),
&actual_hash_length );
if( status != PSA_SUCCESS )
return( status );
goto exit;
if( actual_hash_length != hash_length )
return( PSA_ERROR_INVALID_SIGNATURE );
{
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
return( PSA_ERROR_INVALID_SIGNATURE );
return( PSA_SUCCESS );
status = PSA_ERROR_INVALID_SIGNATURE;
exit:
mbedtls_platform_zeroize( actual_hash, sizeof( actual_hash ) );
return( status );
}
psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,