lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-11-03 20:33:16 +03:00
Code Activity

PKCS#1v1.5 signature: better cleanup of temporary values

Browse Source 
Zeroize temporary buffers used to sanity-check the signature.

If there is an error, overwrite the tentative signature in the output
buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2021-12-13 12:37:55 +01:00
parent f91b2e5a97
commit 8c99a760d5
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
library/rsa.c
View File

@@ -1942,9 +1942,13 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
memcpy( sig, sig_try, ctx->len ); memcpy( sig, sig_try, ctx->len );
cleanup: cleanup:
mbedtls_platform_zeroize( sig_try, ctx->len );
mbedtls_platform_zeroize( verif, ctx->len );
mbedtls_free( sig_try ); mbedtls_free( sig_try );
mbedtls_free( verif ); mbedtls_free( verif );
if( ret != 0 )
memset( sig, '!', ctx->len );
return( ret ); return( ret );
} }
#endif /* MBEDTLS_PKCS1_V15 */ #endif /* MBEDTLS_PKCS1_V15 */