pem: zeroize the entire buffer in case of errors in mbedtls_pem_read_buffer()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti
parent
e88a1c5b85
commit
02f30230c4
1 changed files with 4 additions and 2 deletions
|
|
@ -453,18 +453,20 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const
|
||||||
#endif /* MBEDTLS_AES_C */
|
#endif /* MBEDTLS_AES_C */
|
||||||
|
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
mbedtls_free(buf);
|
mbedtls_zeroize_and_free(buf, len);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check PKCS padding and update data length based on padding info.
|
/* Check PKCS padding and update data length based on padding info.
|
||||||
* This can be used to detect invalid padding data and password
|
* This can be used to detect invalid padding data and password
|
||||||
* mismatches. */
|
* mismatches. */
|
||||||
ret = pem_check_pkcs_padding(buf, len, &len);
|
size_t unpadded_len;
|
||||||
|
ret = pem_check_pkcs_padding(buf, len, &unpadded_len);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
mbedtls_zeroize_and_free(buf, len);
|
mbedtls_zeroize_and_free(buf, len);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
len = unpadded_len;
|
||||||
#else
|
#else
|
||||||
mbedtls_zeroize_and_free(buf, len);
|
mbedtls_zeroize_and_free(buf, len);
|
||||||
return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE;
|
return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue