RSA: wipe stack buffers The RSA private key functions rsa_rsaes_pkcs1_v15_decrypt and rsa_rsaes_oaep_decrypt put sensitive data (decryption results) on the stack. Wipe it before returning. Thanks to Laurent Simon for reporting this issue.

commit: 4a7f6a0ddbd5d35f941a537f7779918d93a281cb [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@normalesup.org> Thu Mar 23 14:37:37 2017 +0100
committer: Simon Butcher <simon.butcher@arm.com> Tue May 16 10:22:37 2017 +0100
tree: 3e2ebdf7a615c6b33ab40997741b52661b24ce9d
parent: 77da95357f6687959d0c97b910437e284d2cf4ba [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index d13e9ce..4b0c1eb 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -3,6 +3,9 @@
 = mbed TLS 2.x.x branch released xxxx-xx-xx
 
 Security
+   * Wipe stack buffers in RSA private key operations
+     (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt).
+     Found by Laurent Simon.
    * Add exponent blinding to RSA private operations as a countermeasure
      against side-channel attacks like the cache attack described in
      https://arxiv.org/abs/1702.08719v2.
commit	4a7f6a0ddbd5d35f941a537f7779918d93a281cb	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@normalesup.org>	Thu Mar 23 14:37:37 2017 +0100
committer	Simon Butcher <simon.butcher@arm.com>	Tue May 16 10:22:37 2017 +0100
tree	3e2ebdf7a615c6b33ab40997741b52661b24ce9d
parent	77da95357f6687959d0c97b910437e284d2cf4ba [diff] [blame]