Checking in critical places if the mbedtls_platform_zeroize() was successful

Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
This commit is contained in:
Piotr Nowicki 2020-06-29 15:03:56 +02:00
parent ed840dbcd8
commit a6348edc23
2 changed files with 11 additions and 5 deletions

View File

@ -1886,11 +1886,15 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
return( ret ); return( ret );
} }
mbedtls_platform_zeroize( handshake->premaster, if( handshake->premaster == mbedtls_platform_zeroize(
sizeof(handshake->premaster) ); handshake->premaster, sizeof(handshake->premaster) ) )
{
return( 0 ); return( 0 );
} }
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
{ {
volatile int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; volatile int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;

View File

@ -186,7 +186,9 @@ int uECC_shared_secret(const uint8_t *public_key, const uint8_t *private_key,
uECC_vli_nativeToBytes(secret, num_bytes, _public); uECC_vli_nativeToBytes(secret, num_bytes, _public);
/* erasing temporary buffer used to store secret: */ /* erasing temporary buffer used to store secret: */
mbedtls_platform_zeroize(_private, sizeof(_private)); if (_private == mbedtls_platform_zeroize(_private, sizeof(_private))) {
return r; return r;
} }
return UECC_FAULT_DETECTED;
}