Zeroising of plaintext buffers to erase unused application data from memory

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
This commit is contained in:
gabor-mezei-arm 2020-07-15 10:55:00 +02:00
parent 8ed8694199
commit a321413807
No known key found for this signature in database
GPG Key ID: 106F5A41ECC305BD
2 changed files with 8 additions and 0 deletions

View File

@ -0,0 +1,4 @@
Security
* Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused
application data from memory. Reported in #689 by
Johan Uppman Bruce of Sectra.

View File

@ -5581,6 +5581,10 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
memcpy( buf, ssl->in_offt, n );
ssl->in_msglen -= n;
/* Zeroising the plaintext buffer to erase unused application data
from the memory. */
mbedtls_platform_zeroize( ssl->in_offt, n );
if( ssl->in_msglen == 0 )
{
/* all bytes consumed */