RSA: wipe more stack buffers MGF mask and PSS salt are not highly sensitive, but wipe them anyway for good hygiene.

commit: 18ac716021aa15b991a4d24fdf1c605cd3c8df1f [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Fri May 05 19:24:06 2017 +0200
committer: Simon Butcher <simon.butcher@arm.com> Tue May 16 10:22:37 2017 +0100
tree: c47b6dbf817c007ba8561eeba229cb8c22cf81fc
parent: 4a7f6a0ddbd5d35f941a537f7779918d93a281cb [diff] [blame]
diff --git a/library/rsa.c b/library/rsa.c
index 8179b18..122bc13 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -601,6 +601,8 @@
 
         dlen -= use_len;
     }
+
+    mbedtls_zeroize( mask, sizeof( mask ) );
 }
 #endif /* MBEDTLS_PKCS1_V21 */
 
@@ -1107,6 +1109,7 @@
     if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
     {
         mbedtls_md_free( &md_ctx );
+        /* No need to zeroize salt: we didn't use it. */
         return( ret );
     }
 
@@ -1116,6 +1119,7 @@
     mbedtls_md_update( &md_ctx, hash, hashlen );
     mbedtls_md_update( &md_ctx, salt, slen );
     mbedtls_md_finish( &md_ctx, p );
+    mbedtls_zeroize( salt, sizeof( salt ) );
 
     /* Compensate for boundary condition when applying mask */
     if( msb % 8 == 0 )
commit	18ac716021aa15b991a4d24fdf1c605cd3c8df1f	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Fri May 05 19:24:06 2017 +0200
committer	Simon Butcher <simon.butcher@arm.com>	Tue May 16 10:22:37 2017 +0100
tree	c47b6dbf817c007ba8561eeba229cb8c22cf81fc
parent	4a7f6a0ddbd5d35f941a537f7779918d93a281cb [diff] [blame]