Add buffer and context clearing upon suspected FI
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/tinycrypt/ecc_dsa.c b/tinycrypt/ecc_dsa.c
index 2b06d44..15098e8 100644
--- a/tinycrypt/ecc_dsa.c
+++ b/tinycrypt/ecc_dsa.c
@@ -165,11 +165,13 @@
r = uECC_sign_with_k(private_key, message_hash, hash_size, k, signature);
/* don't keep trying if a fault was detected */
if (r == UECC_FAULT_DETECTED) {
+ mbedtls_platform_memset(signature, 0, 2*NUM_ECC_BYTES);
return r;
}
if (r == UECC_SUCCESS) {
if (private_key_dup != private_key || message_hash_dup != message_hash ||
hash_size_dup != hash_size || signature_dup != signature) {
+ mbedtls_platform_memset(signature, 0, 2*NUM_ECC_BYTES);
return UECC_FAULT_DETECTED;
}
return UECC_SUCCESS;
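Review bot: Both early returns in this hunk wipe only the output buffer, while the ephemeral nonce `k` passed to `uECC_sign_with_k` on the first line of the hunk is left as-is on the fault-detected path and on the duplicated-parameter mismatch path; the commit title promises "buffer and context clearing", so the nonce is the more sensitive thing to scrub here. If `k` is not cleared elsewhere (its declaration and any later cleanup are outside this hunk; `uECC_sign`'s body starts before and continues after it), add `mbedtls_platform_memset(k, 0, sizeof(k));` next to each added `mbedtls_platform_memset(signature, ...)` call, assuming `k` is a local array rather than a pointer. As a matter of style, the two identical wipe-and-return sequences would be easier to keep in sync (and give a glitch fewer distinct skip targets to reason about) if the fault-detected outcome funnelled through a single exit, e.g. setting `r = UECC_FAULT_DETECTED;` in the mismatch branch and doing the clearing once before `return r;`.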