Simplified key slot deletion

And zeroize key buffer before freeing to avoid keys hanging around on the
heap.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Steven Cooreman 2020-08-05 15:46:33 +02:00
parent 291498600b
commit fd4d69a72e


@ -1204,24 +1204,15 @@ static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
} }
else else
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
if( slot->attr.type == PSA_KEY_TYPE_NONE )
{
/* No key material to clean. */
}
else if( key_type_is_raw_bytes( slot->attr.type ) ||
PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ||
PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
{ {
/* Data pointer will always be either a valid pointer or NULL in an
* initialized slot, so we can just free it. */
if( slot->data.key.data != NULL )
mbedtls_platform_zeroize( slot->data.key.data, slot->data.key.bytes);
mbedtls_free( slot->data.key.data ); mbedtls_free( slot->data.key.data );
slot->data.key.data = NULL; slot->data.key.data = NULL;
slot->data.key.bytes = 0; slot->data.key.bytes = 0;
} }
else
{
/* Shouldn't happen: the key type is not any type that we
* put in. */
return( PSA_ERROR_CORRUPTION_DETECTED );
}
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
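Review bot: The added `mbedtls_platform_zeroize( slot->data.key.data, slot->data.key.bytes);` wipes only `slot->data.key.bytes` bytes, so the buffer is fully cleared only if `bytes` always equals the size allocated for `data`. Nothing in this hunk shows that, and any path that allocates a larger buffer and records a shorter length would leave key material on the heap after `mbedtls_free`. Once confirmed against the code that fills the slot, I would state the invariant in the comment above the call, e.g. `/* data.key.bytes is the allocated size of data.key.data, so this wipes the whole buffer. */`. The guard is also an unbraced `if` sitting directly above the unconditional `mbedtls_free`; bracing it and writing `slot->data.key.bytes );` would match the surrounding style. The start of psa_remove_key_data_from_memory is outside the hunk.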