diff options
| author | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-11-18 03:53:37 +0100 |
|---|---|---|
| committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-11-18 03:53:37 +0100 |
| commit | 7476dc0e9ae620afa4a5a5fba90997a0af18fadc (patch) | |
| tree | 0a9c476249a4b9918a993606e844c72a467c2b43 | |
| parent | 3e8e646b91b7256ab46eb767951d2028f0dda0eb (diff) | |
| download | fastd-7476dc0e9ae620afa4a5a5fba90997a0af18fadc.tar fastd-7476dc0e9ae620afa4a5a5fba90997a0af18fadc.zip | |
secure_memzero all cipher and MAC states
4 files changed, 16 insertions, 4 deletions
diff --git a/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c b/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c index 4302157..5cb4bc7 100644 --- a/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c +++ b/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c @@ -65,7 +65,10 @@ static bool aes128_ctr_crypt(fastd_context_t *ctx UNUSED, const fastd_cipher_sta } static void aes128_ctr_free_state(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state) { - free(state); + if (state) { + secure_memzero(state, sizeof(*state)); + free(state); + } } static void aes128_ctr_free(fastd_context_t *ctx UNUSED, fastd_cipher_context_t *cctx UNUSED) { diff --git a/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c b/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c index bc5b85c..fb95359 100644 --- a/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c +++ b/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c @@ -316,7 +316,10 @@ static bool blowfish_ctr_crypt(fastd_context_t *ctx UNUSED, const fastd_cipher_s } static void blowfish_ctr_free_state(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state) { - free(state); + if (state) { + secure_memzero(state, sizeof(*state)); + free(state); + } } static void blowfish_ctr_free(fastd_context_t *ctx UNUSED, fastd_cipher_context_t *cctx UNUSED) { diff --git a/src/crypto/cipher/blowfish_ctr/openssl/blowfish_ctr.c b/src/crypto/cipher/blowfish_ctr/openssl/blowfish_ctr.c index 1eafb97..67dec0d 100644 --- a/src/crypto/cipher/blowfish_ctr/openssl/blowfish_ctr.c +++ b/src/crypto/cipher/blowfish_ctr/openssl/blowfish_ctr.c @@ -91,7 +91,10 @@ static bool blowfish_ctr_crypt(fastd_context_t *ctx UNUSED, const fastd_cipher_s } static void blowfish_ctr_free_state(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state) { - free(state); + if (state) { + secure_memzero(state, sizeof(*state)); + free(state); + } } static void blowfish_ctr_free(fastd_context_t *ctx UNUSED, fastd_cipher_context_t *cctx UNUSED) { diff --git a/src/crypto/mac/ghash/builtin/ghash_builtin.c b/src/crypto/mac/ghash/builtin/ghash_builtin.c index 34e118a..a243b2a 100644 --- a/src/crypto/mac/ghash/builtin/ghash_builtin.c +++ b/src/crypto/mac/ghash/builtin/ghash_builtin.c @@ -126,7 +126,10 @@ static bool ghash_hash(fastd_context_t *ctx UNUSED, const fastd_mac_state_t *sta } static void ghash_free_state(fastd_context_t *ctx UNUSED, fastd_mac_state_t *state) { - free(state); + if (state) { + secure_memzero(state, sizeof(*state)); + free(state); + } } static void ghash_free(fastd_context_t *ctx UNUSED, fastd_mac_context_t *mctx UNUSED) { |