RSA: wipe stack buffers
The RSA private key functions rsa_rsaes_pkcs1_v15_decrypt and
rsa_rsaes_oaep_decrypt put sensitive data (decryption results) on the
stack. Wipe it before returning.
Thanks to Laurent Simon for reporting this issue.
diff --git a/ChangeLog b/ChangeLog
index d13e9ce..4b0c1eb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@
= mbed TLS 2.x.x branch released xxxx-xx-xx
Security
+ * Wipe stack buffers in RSA private key operations
+ (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt).
+ Found by Laurent Simon.
* Add exponent blinding to RSA private operations as a countermeasure
against side-channel attacks like the cache attack described in
https://arxiv.org/abs/1702.08719v2.