diff --git a/ChangeLog.d/psa-zeroize.txt b/ChangeLog.d/psa-zeroize.txt new file mode 100644 index 0000000000..6bdaa00729 --- /dev/null +++ b/ChangeLog.d/psa-zeroize.txt @@ -0,0 +1,4 @@ +Security + * Zeroize a temporary heap buffer used in psa_key_derivation_output_key() + when deriving an ECC key pair. + * Zeroize temporary heap buffers used in PSA operations. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b576f95789..4ccb75be61 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6316,7 +6316,7 @@ static psa_status_t psa_generate_derived_ecc_key_weierstrass_helper( int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t m; - size_t m_bytes; + size_t m_bytes = 0; mbedtls_mpi_init(&k); mbedtls_mpi_init(&diff_N_2); @@ -6389,7 +6389,7 @@ cleanup: status = mbedtls_to_psa_error(ret); } if (status != PSA_SUCCESS) { - mbedtls_free(*data); + mbedtls_zeroize_and_free(*data, m_bytes); *data = NULL; } mbedtls_mpi_free(&k); @@ -6564,7 +6564,7 @@ static psa_status_t psa_generate_derived_key_internal( } exit: - mbedtls_free(data); + mbedtls_zeroize_and_free(data, bytes); return status; } @@ -9300,7 +9300,7 @@ psa_status_t psa_crypto_local_input_alloc(const uint8_t *input, size_t input_len return PSA_SUCCESS; error: - mbedtls_free(local_input->buffer); + mbedtls_zeroize_and_free(local_input->buffer, local_input->length); local_input->buffer = NULL; local_input->length = 0; return status; @@ -9308,7 +9308,7 @@ error: void psa_crypto_local_input_free(psa_crypto_local_input_t *local_input) { - mbedtls_free(local_input->buffer); + mbedtls_zeroize_and_free(local_input->buffer, local_input->length); local_input->buffer = NULL; local_input->length = 0; } @@ -9352,7 +9352,7 @@ psa_status_t psa_crypto_local_output_free(psa_crypto_local_output_t *local_outpu return status; } - mbedtls_free(local_output->buffer); + mbedtls_zeroize_and_free(local_output->buffer, local_output->length); local_output->buffer = NULL; local_output->length = 0;