lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-23 01:52:40 +03:00
Code Activity

Remove redundant memset on freshly initialized buffer

Browse Source 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2025-08-25 17:01:34 +02:00
parent 2d666646ba
commit cc908ad04c
1 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
library/psa_crypto_cipher.c
View File

@@ -554,10 +554,6 @@ psa_status_t mbedtls_psa_cipher_finish(
psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t status = PSA_ERROR_GENERIC_ERROR;
size_t invalid_padding = 0; size_t invalid_padding = 0;
uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH] = { 0 };
if (output_size > sizeof(temp_output_buffer)) {
output_size = sizeof(temp_output_buffer);
}
/* We will copy output_size bytes from temp_output_buffer to the /* We will copy output_size bytes from temp_output_buffer to the
* output buffer. We can't use *output_length to determine how * output buffer. We can't use *output_length to determine how
* much to copy because we must not leak that value through timing * much to copy because we must not leak that value through timing
@@ -565,7 +561,10 @@ psa_status_t mbedtls_psa_cipher_finish(
* is not guaranteed to write beyond *output_length. To ensure we don't * is not guaranteed to write beyond *output_length. To ensure we don't
* leak the former content of the stack to the caller, wipe that * leak the former content of the stack to the caller, wipe that
* former content. */ * former content. */
memset(temp_output_buffer, 0, output_size); uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH] = { 0 };
if (output_size > sizeof(temp_output_buffer)) {
output_size = sizeof(temp_output_buffer);
}
if (operation->ctx.cipher.unprocessed_len != 0) { if (operation->ctx.cipher.unprocessed_len != 0) {
if (operation->alg == PSA_ALG_ECB_NO_PADDING || if (operation->alg == PSA_ALG_ECB_NO_PADDING ||