PKCS#1v1.5 signature: better cleanup of temporary values
Zeroize temporary buffers used to sanity-check the signature. If there is an error, overwrite the tentative signature in the output buffer. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
parent
f0fd4c3aee
commit
14d5fef6b7
1 changed files with 4 additions and 0 deletions
|
|
@ -1896,9 +1896,13 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
|||
memcpy( sig, sig_try, ctx->len );
|
||||
|
||||
cleanup:
|
||||
mbedtls_platform_zeroize( sig_try, ctx->len );
|
||||
mbedtls_platform_zeroize( verif, ctx->len );
|
||||
mbedtls_free( sig_try );
|
||||
mbedtls_free( verif );
|
||||
|
||||
if( ret != 0 )
|
||||
memset( sig, '!', ctx->len );
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_PKCS1_V15 */
|
||||
|
|
|
|||
Loading…
Reference in a new issue