Add buffer zeroization when ecp_write_key fails
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 43f6205..d931a50 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -863,9 +863,9 @@
data,
PSA_BITS_TO_BYTES( ecp->grp.nbits ) ) );
if( status == PSA_SUCCESS )
- {
*data_length = PSA_BITS_TO_BYTES( ecp->grp.nbits );
- }
+ else
+ memset( data, 0, data_size );
return( status );
}
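Review bot: The wipe added in the `else` branch uses plain `memset`, which a compiler may remove as a dead store when it can show the buffer is not read again. Mbed TLS provides `mbedtls_platform_zeroize` for clearing key material for this reason, so I would write `mbedtls_platform_zeroize( data, data_size );` here, assuming `platform_util.h` is already included by this file. The same applies to `memset( slot->data.key.data, 0, bytes );` in the second hunk, where the exposure is higher because the buffer goes straight to `psa_remove_key_data_from_memory`, which presumably releases it. The enclosing function starts outside the hunk, so it cannot be confirmed from here that `data_size` always covers the whole of `data`.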
@@ -5974,8 +5974,10 @@
mbedtls_ecp_write_key( &ecp, slot->data.key.data, bytes ) );
mbedtls_ecp_keypair_free( &ecp );
- if( status != PSA_SUCCESS )
+ if( status != PSA_SUCCESS ) {
+ memset( slot->data.key.data, 0, bytes );
psa_remove_key_data_from_memory( slot );
+ }
return( status );
}
else
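Review bot: The zeroization before `psa_remove_key_data_from_memory( slot )` is done only at this call site, so any other failure path that reaches that helper without its own wipe could still leave private key bytes in the buffer. The helper's body is not visible in this hunk. If it does not already clear `slot->data.key.data` before releasing it, doing the wipe inside the helper would cover every caller and make the added line here unnecessary. As a style point, `if( status != PSA_SUCCESS ) {` puts the brace on the `if` line, while the lines removed in the first hunk show the file placing the opening brace on its own line. The enclosing function starts and ends outside the hunk.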