mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 08:55:40 +01:00
Merge pull request #732 from gabor-mezei-arm/689_bp216_zeroising_of_plaintext_buffers
[Backport 2.16] Zeroising of plaintext buffers in mbedtls_ssl_read()
This commit is contained in:
commit
0ca801af76
4
ChangeLog.d/zeroising_of_plaintext_buffer.txt
Normal file
4
ChangeLog.d/zeroising_of_plaintext_buffer.txt
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
Security
|
||||||
|
* Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused
|
||||||
|
application data from memory. Reported in #689 by
|
||||||
|
Johan Uppman Bruce of Sectra.
|
@ -8656,6 +8656,10 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||||||
memcpy( buf, ssl->in_offt, n );
|
memcpy( buf, ssl->in_offt, n );
|
||||||
ssl->in_msglen -= n;
|
ssl->in_msglen -= n;
|
||||||
|
|
||||||
|
/* Zeroising the plaintext buffer to erase unused application data
|
||||||
|
from the memory. */
|
||||||
|
mbedtls_platform_zeroize( ssl->in_offt, n );
|
||||||
|
|
||||||
if( ssl->in_msglen == 0 )
|
if( ssl->in_msglen == 0 )
|
||||||
{
|
{
|
||||||
/* all bytes consumed */
|
/* all bytes consumed */
|
||||||
|
Loading…
Reference in New Issue
Block a user