OrgZephyr/mcuboot
OrgZephyr
/
mcuboot
mirror of https://github.com/zephyrproject-rtos/mcuboot.git
1
0
Fork 0
Code Issues Releases Wiki Activity
mcuboot/boot/bootutil
History
Thomas Altenbach 50b7b9ee2c bootutil: Fix AES and SHA-256 contexts not zeroized with mbedTLS 
For some reason, the calls to mbedtls_aes_free, mbedtls_nist_kw_free and
mbedtls_sha256_free_drop were commented out which means the AES and
SHA-256 contexts were not properly de-initialized after usage when
mbedTLS is used. In the case of AES-KW it seems that might lead to a
memory leak depending on the mbedTLS configuration, but in any case and
independently of the mbedTLS configuration, this leads to the contexts
not be zeroized after usage.

Not zeroizing a context means it stays in RAM an undefined amount of
time, which might enable an attacker to access it and to dump the
sensitive data it contains.

Signed-off-by: Thomas Altenbach <thomas.altenbach@legrand.com>
(cherry picked from commit 5d5f04923f)
 		2024-11-04 14:28:43 +00:00
..
include/bootutil bootutil: Fix AES and SHA-256 contexts not zeroized with mbedTLS 2024-11-04 14:28:43 +00:00
src bootutil: Add better mode selection checks 2024-11-04 14:28:38 +00:00
zephyr zephyr: direct inclusion of the hooks file 2022-08-04 11:17:19 +02:00
CMakeLists.txt bootutil/crypto: Have a single ECDSA verification module 2023-04-26 13:57:53 +02:00
pkg.yml mynewt: Igore swap_scratch.c for single application slot 2024-05-23 18:09:36 +02:00