mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-03-04 13:19:41 +00:00
PSA hash verification: zeroize expected hash on hash mismatch
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
dc269bbd08
commit
b3f4e5b1e1
|
@ -2249,6 +2249,7 @@ psa_status_t psa_hash_verify( psa_hash_operation_t *operation,
|
|||
status = PSA_ERROR_INVALID_SIGNATURE;
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize( actual_hash, sizeof( actual_hash ) );
|
||||
if( status != PSA_SUCCESS )
|
||||
psa_hash_abort(operation);
|
||||
|
||||
|
@ -2283,12 +2284,18 @@ psa_status_t psa_hash_compare( psa_algorithm_t alg,
|
|||
actual_hash, sizeof(actual_hash),
|
||||
&actual_hash_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
goto exit;
|
||||
if( actual_hash_length != hash_length )
|
||||
return( PSA_ERROR_INVALID_SIGNATURE );
|
||||
{
|
||||
status = PSA_ERROR_INVALID_SIGNATURE;
|
||||
goto exit;
|
||||
}
|
||||
if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
|
||||
return( PSA_ERROR_INVALID_SIGNATURE );
|
||||
return( PSA_SUCCESS );
|
||||
status = PSA_ERROR_INVALID_SIGNATURE;
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize( actual_hash, sizeof( actual_hash ) );
|
||||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,
|
||||
|
|
Loading…
Reference in a new issue