Add buffer and context clearing upon suspected FI
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/library/ccm.c b/library/ccm.c
index ab0540b..54d051e 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -101,12 +101,14 @@
return( ret );
}
- if( keybits_dup != keybits || key_dup != key )
+ if( keybits_dup == keybits && key_dup == key )
{
- return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+ return( ret );
}
- return( ret );
+ // In case of a FI - clear the context
+ mbedtls_cipher_free( &ctx->cipher_ctx );
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
/*
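Review bot: The fall-through after the `if` is now the fault path, but the added comment does not tell a caller that `ctx` no longer holds a usable key once `mbedtls_cipher_free( &ctx->cipher_ctx )` has run. I would spell that out, e.g. `/* key/keybits differ from the copies taken on entry (suspected FI): wipe the cipher context; ctx must be set up again before reuse */`. The function's API documentation should also list `MBEDTLS_ERR_PLATFORM_FAULT_DETECTED` with that post-condition. The function starts outside this hunk, so I cannot see whether its other error returns leave the context in a comparable state; if they do not, it is worth making them consistent.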
@@ -336,6 +338,9 @@
add_dup != add || add_len_dup != add_len || input_dup != input ||
output_dup != output || tag_dup != tag || tag_len_dup != tag_len)
{
+
+ // In case of a FI - clear the output
+ mbedtls_platform_memset( output, 0, length );
return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
}
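Review bot: The new `mbedtls_platform_memset( output, 0, length )` runs in the branch that is entered precisely when one of the arguments no longer matches its duplicate, and `output` is one of the values compared here. When the mismatch is in `output` (or in `length`, if it is checked in the part of the condition above this hunk), the wipe writes through a pointer or size that is already known to be unreliable. Guard the wipe, e.g. `if( output_dup == output ) mbedtls_platform_memset( output, 0, length );` with the matching check for `length`, and skip it otherwise. The `tag` buffer is not cleared on this path; if the function has already written to it by this point, it probably deserves the same guarded treatment using `tag_len`. The function body and the start of the condition lie outside the hunk.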