mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-25 13:43:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Zeroize pake password buffer before free

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2022-11-17 14:14:31 +01:00
parent 152ae07682
commit 369ae0afc3
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
library/psa_crypto_pake.c
View File

@ -288,6 +288,7 @@ psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation,
if( operation->password != NULL ) if( operation->password != NULL )
{ {
mbedtls_platform_zeroize( operation->password, operation->password_len );
mbedtls_free( operation->password ); mbedtls_free( operation->password );
operation->password_len = 0; operation->password_len = 0;
} }
@ -864,6 +865,7 @@ psa_status_t psa_pake_abort(psa_pake_operation_t * operation)
{ {
operation->input_step = PSA_PAKE_STEP_INVALID; operation->input_step = PSA_PAKE_STEP_INVALID;
operation->output_step = PSA_PAKE_STEP_INVALID; operation->output_step = PSA_PAKE_STEP_INVALID;
mbedtls_platform_zeroize( operation->password, operation->password_len );
mbedtls_free( operation->password ); mbedtls_free( operation->password );
operation->password = NULL; operation->password = NULL;
operation->password_len = 0; operation->password_len = 0;