6d576c9646

After opening a file containing sensitive data, call mbedtls_setbuf() to disable buffering. This way, we don't expose sensitive data to a memory disclosure vulnerability in a buffer outside our control.

This commit adds a call to mbedtls_setbuf() after each call to fopen(), but only in sample programs that were calling mbedtls_platform_zeroize(). Don't bother protecting stdio buffers in programs where application buffers weren't protected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

- aead_demo.c
- CMakeLists.txt
- crypto_examples.c
- hmac_demo.c
- key_ladder_demo.c
- key_ladder_demo.sh
- psa_constant_names.c