From b7f6deaae7ab66bf39e2ec20d4747e0d4894d3ba Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 5 Aug 2020 16:07:20 +0200 Subject: [PATCH] Add buffer zeroization when ecp_write_key fails Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 43f6205d4..d931a5063 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -863,9 +863,9 @@ static psa_status_t psa_export_ecp_key( psa_key_type_t type, data, PSA_BITS_TO_BYTES( ecp->grp.nbits ) ) ); if( status == PSA_SUCCESS ) - { *data_length = PSA_BITS_TO_BYTES( ecp->grp.nbits ); - } + else + memset( data, 0, data_size ); return( status ); } @@ -5974,8 +5974,10 @@ static psa_status_t psa_generate_key_internal( mbedtls_ecp_write_key( &ecp, slot->data.key.data, bytes ) ); mbedtls_ecp_keypair_free( &ecp ); - if( status != PSA_SUCCESS ) + if( status != PSA_SUCCESS ) { + memset( slot->data.key.data, 0, bytes ); psa_remove_key_data_from_memory( slot ); + } return( status ); } else
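Review bot: The wipe added on the failure path of psa_export_ecp_key is a plain `memset( data, 0, data_size );`, which a compiler may drop as a dead store when it can see the buffer is not read afterwards. The same holds for `memset( slot->data.key.data, 0, bytes );` in the psa_generate_key_internal hunk, where the buffer is passed to psa_remove_key_data_from_memory right after and is presumably released there. Because both buffers can hold partially written private-key bytes, I would use the library's non-elidable wipe instead, `mbedtls_platform_zeroize( data, data_size );` and `mbedtls_platform_zeroize( slot->data.key.data, bytes );` (declared in mbedtls/platform_util.h; the include list is not visible in this diff). Both function bodies start outside their hunks, so whether data_size was checked against the key length beforehand cannot be confirmed from here.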
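Review bot: The new `if( status != PSA_SUCCESS ) {` puts the opening brace on the `if` line, whereas the lines removed in the psa_export_ecp_key hunk show the brace on its own line; that first hunk also drops the braces altogether, leaving an unbraced `if`/`else` around the length assignment and the wipe. On cleanup paths that guard key material I would keep both branches braced in one style: `if( status != PSA_SUCCESS )` followed by `{` on its own line here, and braces around both the `*data_length` assignment and the `else` wipe in the export function. A short comment above the wipe, such as `/* Wipe any partially written private key before releasing the slot data. */`, would record why it precedes psa_remove_key_data_from_memory. The enclosing function continues past the end of this hunk.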