commit b3f4e5b1e19927d85d38ccf5478e316270a52f20
author Gilles Peskine <Gilles.Peskine@arm.com> Mon Dec 13 12:33:18 2021 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Mon Dec 13 13:49:14 2021 +0100
tree ed6051f6ad58d97e375a3022463dcc63f78bf970
parent dc269bbd0853b6d85ecea5ded6d4a1208f2886c8

PSA hash verification: zeroize expected hash on hash mismatch

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index e3db912..a89430d 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2249,6 +2249,7 @@
         status = PSA_ERROR_INVALID_SIGNATURE;
 
 exit:
+    mbedtls_platform_zeroize( actual_hash, sizeof( actual_hash ) );
     if( status != PSA_SUCCESS )
         psa_hash_abort(operation);
 
@@ -2283,12 +2284,18 @@
                             actual_hash, sizeof(actual_hash),
                             &actual_hash_length );
     if( status != PSA_SUCCESS )
-        return( status );
+        goto exit;
     if( actual_hash_length != hash_length )
-        return( PSA_ERROR_INVALID_SIGNATURE );
+    {
+        status = PSA_ERROR_INVALID_SIGNATURE;
+        goto exit;
+    }
     if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
-        return( PSA_ERROR_INVALID_SIGNATURE );
-    return( PSA_SUCCESS );
+        status = PSA_ERROR_INVALID_SIGNATURE;
+
+exit:
+    mbedtls_platform_zeroize( actual_hash, sizeof( actual_hash ) );
+    return( status );
 }
 
 psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,