authorAndrzej Kurek <andrzej.kurek@arm.com>2018-03-20 05:02:29 -0400
committerAndrzej Kurek <andrzej.kurek@arm.com>2018-03-20 05:02:29 -0400
commitb23b04d1777074d340e64fb137016bf74414e168 (patch)
treee11213c1f4ae80c20bc782a127c288aeeba3afcb
parent686a05e90cb59dda0658db1dc3f20b4734e6b063 (diff)
pkcs11: zeroize buffer earlier on failurearchive/feature-opaque-keys-RSA
Change the buffer zeroization so that it happens earlier
-rw-r--r--library/pkcs11_client.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/library/pkcs11_client.c b/library/pkcs11_client.c
index 82cc0e1..1244f40 100644
--- a/library/pkcs11_client.c
+++ b/library/pkcs11_client.c
@@ -157,6 +157,8 @@ static int pkcs11_sign_core( mbedtls_pk_pkcs11_context_t *ctx,
goto exit;
*sig_len = ck_sig_len;
exit:
+ if( rv != CKR_OK )
+ memset( sig, 0, ck_sig_len );
return( pkcs11_err_to_mbedtls_pk_err( rv ) );
}
#endif /* MBEDTLS_RSA_C */
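Review bot: The added `memset( sig, 0, ck_sig_len )` at `exit:` sizes the wipe with a variable that the PKCS#11 call can overwrite; on a CKR_BUFFER_TOO_SMALL return a token reports the required length there, which would be larger than the caller's buffer, so the cleanup could write past `sig`. The start of pkcs11_sign_core is outside the hunk, so whether ck_sig_len is initialised on every path that reaches `exit:` cannot be confirmed from here. I would record the buffer capacity before the token call and wipe that many bytes, e.g. `memset( sig, 0, sig_capacity );` (`sig_capacity` is a constructed name for the saved size). This block also sits under MBEDTLS_RSA_C, while the second hunk removes the wipe that covered every failure return of pkcs11_sign, so any non-RSA failure path there appears to lose zeroization.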
@@ -226,8 +228,6 @@ static int pkcs11_sign( void *ctx_arg,
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
}
- if( ret != 0 )
- memset( sig, 0, *sig_len );
return( ret );
}