commit ca60937cf9dd6961242a3c0c9a4aca6f9a7dcb0d
author Andrzej Kurek <andrzej.kurek@arm.com> Wed Jul 08 03:19:02 2020 -0400
committer Andrzej Kurek <andrzej.kurek@arm.com> Wed Jul 08 09:25:49 2020 -0400
tree ca869cccc04b91a66c498f4d8a38e24525959fb4
parent 0919b142b6bb9c340f68b1112118506273b17483

Add buffer and context clearing upon suspected FI

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

library/sha256.c

diff --git a/library/sha256.c b/library/sha256.c
index bf52eae..493e88e 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -287,7 +287,8 @@
     {
         return( 0 );
     }
-
+    /* Free the ctx upon suspected FI */
+    mbedtls_sha256_free( ctx );
     return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
 }
 
@@ -362,6 +363,8 @@
             return( 0 );
         }
     }
+    /* Free the ctx upon suspected FI */
+    mbedtls_sha256_free( ctx );
     return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
 }
 
@@ -458,6 +461,9 @@
     {
         return( 0 );
     }
+    /* Free the ctx and clear output upon suspected FI */
+    mbedtls_sha256_free( ctx );
+    mbedtls_platform_memset( output, 0, 32 );
     return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
 }
 
@@ -506,6 +512,7 @@
     {
         return( ret );
     }
+    mbedtls_platform_memset( output, 0, 32 );
     return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
 }