Safely erase key material upon abort
Some key derivation operation contexts (like
psa_tls12_prf_key_derivation_t) directly contain buffers with parts of
the derived key. Erase them safely as part of the abort.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index bf425df..924b291 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3902,7 +3902,7 @@
{
status = PSA_ERROR_BAD_STATE;
}
- memset( operation, 0, sizeof( *operation ) );
+ mbedtls_platform_zeroize( operation, sizeof( *operation ) );
return( status );
}
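Review bot: the mbedtls_platform_zeroize() call on the + line wipes only the sizeof( *operation ) bytes of the context struct itself, so key material in any separately allocated buffer that the context only points to is not covered by this line. The commit message names contexts that "directly contain" key buffers, which this handles, but please confirm that the per-algorithm cleanup earlier in this function (outside the visible context) zeroizes any heap buffers before freeing them, and that library/psa_crypto.c includes mbedtls/platform_util.h for the declaration. A one-line comment above the call explaining why plain memset is not used (a compiler is allowed to optimize away a memset it treats as a dead store) would keep a later cleanup from reverting it.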