Zeroize temporary heap buffers used when deriving an ECC key
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/ChangeLog.d/psa-zeroize.txt b/ChangeLog.d/psa-zeroize.txt
index e597302..6bdaa00 100644
--- a/ChangeLog.d/psa-zeroize.txt
+++ b/ChangeLog.d/psa-zeroize.txt
@@ -1,2 +1,4 @@
Security
+ * Zeroize a temporary heap buffer used in psa_key_derivation_output_key()
+ when deriving an ECC key pair.
* Zeroize temporary heap buffers used in PSA operations.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 54e497e..d959587 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -6389,7 +6389,7 @@
status = mbedtls_to_psa_error(ret);
}
if (status != PSA_SUCCESS) {
- mbedtls_free(*data);
+ mbedtls_zeroize_and_free(*data, m_bytes);
*data = NULL;
}
mbedtls_mpi_free(&k);
@@ -6564,7 +6564,7 @@
}
exit:
- mbedtls_free(data);
+ mbedtls_zeroize_and_free(data, bytes);
return status;
}