Comments (4)
We will check this out and fix accordingly. Thanks for noticing.
from mbedtls.
Can you elaborate? All MPIs initialized in the sign and verify functions are cleared as well.
Are you referring to the MPIs in the group? You should free the group yourself outside of the sign and verify functions.
from mbedtls.
For example, ecdsa_verify declares (from https://github.com/polarssl/polarssl/blob/polarssl-1.3/library/ecdsa.c)
Line 118: mpi e, s_inv, u1, u2;
Line 119: ecp_point R, P;
These variables are freed at line 171,172 in the success case, but not if R is zero @ line 161 or if the signature fails @ line 167.
from mbedtls.
Correct.. Fixed in cca998a
from mbedtls.
Related Issues (20)
- Refactor the TLS 1.2 and TLS 1.3 certificate verification code
- Flexible array members are not standard C++
- Outcome analysis: complain about repeated configuration name
- Make sure accel list stays up-to-date in user-config-for-tests.h HOT 1
- Redefinition warnings depending on available curves HOT 1
- Install is not disabled when MbedTLS is used as subproject
- `MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK` is not used when TLS 1.3 is enabled (even with TLS 1.2 support) HOT 1
- [RSA2048-PSS ] mbedtls and openssl failed to verify signature generate by each other
- TLS 1.3 requirements are misleading HOT 1
- Using PSA Crypto without updating the git commit tree of mbedtls submodule HOT 4
- Parse a public key in PEM format error HOT 2
- mbedtls hangs after NewSessionTicket
- Missing ASN1 functions in a build with RSA_C
- Rename interruptible ECC sign hash in line with PSA Spec
- Design PSA interfaces for interruptible Ephemeral ECDH
- psa_generate_key() returned -27648 (-0x6c00) HOT 2
- SSL debug reports translated PSA error codes
- PSA only supports byte-aligned RSA key sizes
- Remove mbedtls_ssl_conf_rng()
- Reporting Bugs in Certificate Chain Validation
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mbedtls.