Add buffer and context clearing upon suspected FI
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/library/sha256.c b/library/sha256.c
index bf52eae..493e88e 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -287,7 +287,8 @@
{
return( 0 );
}
-
+ /* Free the ctx upon suspected FI */
+ mbedtls_sha256_free( ctx );
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
@@ -362,6 +363,8 @@
return( 0 );
}
}
+ /* Free the ctx upon suspected FI */
+ mbedtls_sha256_free( ctx );
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
@@ -458,6 +461,9 @@
{
return( 0 );
}
+ /* Free the ctx and clear output upon suspected FI */
+ mbedtls_sha256_free( ctx );
+ mbedtls_platform_memset( output, 0, 32 );
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
@@ -506,6 +512,7 @@
{
return( ret );
}
+ mbedtls_platform_memset( output, 0, 32 );
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}