commit 60aebec47e02d03d720d568a557b02e57bed6219
author Gilles Peskine <Gilles.Peskine@arm.com> Mon Dec 13 12:33:18 2021 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Mon Dec 13 12:33:18 2021 +0100
tree b026c92ab9ce181c8f8cee55cb58cfd4358f5cb1
parent e7835d92c1dc2391df199e77d7d095d235e6b95e

PSA hash verification: zeroize expected hash on hash mismatch

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 9f5b946..f257651 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2210,6 +2210,7 @@
         status = PSA_ERROR_INVALID_SIGNATURE;
 
 exit:
+    mbedtls_platform_zeroize( actual_hash, sizeof( actual_hash ) );
     if( status != PSA_SUCCESS )
         psa_hash_abort(operation);
 
@@ -2244,12 +2245,18 @@
                             actual_hash, sizeof(actual_hash),
                             &actual_hash_length );
     if( status != PSA_SUCCESS )
-        return( status );
+        goto exit;
     if( actual_hash_length != hash_length )
-        return( PSA_ERROR_INVALID_SIGNATURE );
+    {
+        status = PSA_ERROR_INVALID_SIGNATURE;
+        goto exit;
+    }
     if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
-        return( PSA_ERROR_INVALID_SIGNATURE );
-    return( PSA_SUCCESS );
+        status = PSA_ERROR_INVALID_SIGNATURE;
+
+exit:
+    mbedtls_platform_zeroize( actual_hash, sizeof( actual_hash ) );
+    return( status );
 }
 
 psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,