From 7476dc0e9ae620afa4a5a5fba90997a0af18fadc Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Mon, 18 Nov 2013 03:53:37 +0100 Subject: secure_memzero all cipher and MAC states --- src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c | 5 ++++- src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c | 5 ++++- src/crypto/cipher/blowfish_ctr/openssl/blowfish_ctr.c | 5 ++++- src/crypto/mac/ghash/builtin/ghash_builtin.c | 5 ++++- 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c b/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c index 4302157..5cb4bc7 100644 --- a/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c +++ b/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c @@ -65,7 +65,10 @@ static bool aes128_ctr_crypt(fastd_context_t *ctx UNUSED, const fastd_cipher_sta } static void aes128_ctr_free_state(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state) { - free(state); + if (state) { + secure_memzero(state, sizeof(*state)); + free(state); + } } static void aes128_ctr_free(fastd_context_t *ctx UNUSED, fastd_cipher_context_t *cctx UNUSED) { diff --git a/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c b/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c index bc5b85c..fb95359 100644 --- a/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c +++ b/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c @@ -316,7 +316,10 @@ static bool blowfish_ctr_crypt(fastd_context_t *ctx UNUSED, const fastd_cipher_s } static void blowfish_ctr_free_state(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state) { - free(state); + if (state) { + secure_memzero(state, sizeof(*state)); + free(state); + } } static void blowfish_ctr_free(fastd_context_t *ctx UNUSED, fastd_cipher_context_t *cctx UNUSED) { diff --git a/src/crypto/cipher/blowfish_ctr/openssl/blowfish_ctr.c b/src/crypto/cipher/blowfish_ctr/openssl/blowfish_ctr.c index 1eafb97..67dec0d 100644 --- a/src/crypto/cipher/blowfish_ctr/openssl/blowfish_ctr.c +++ b/src/crypto/cipher/blowfish_ctr/openssl/blowfish_ctr.c @@ -91,7 +91,10 @@ static bool blowfish_ctr_crypt(fastd_context_t *ctx UNUSED, const fastd_cipher_s } static void blowfish_ctr_free_state(fastd_context_t *ctx UNUSED, fastd_cipher_state_t *state) { - free(state); + if (state) { + secure_memzero(state, sizeof(*state)); + free(state); + } } static void blowfish_ctr_free(fastd_context_t *ctx UNUSED, fastd_cipher_context_t *cctx UNUSED) { diff --git a/src/crypto/mac/ghash/builtin/ghash_builtin.c b/src/crypto/mac/ghash/builtin/ghash_builtin.c index 34e118a..a243b2a 100644 --- a/src/crypto/mac/ghash/builtin/ghash_builtin.c +++ b/src/crypto/mac/ghash/builtin/ghash_builtin.c @@ -126,7 +126,10 @@ static bool ghash_hash(fastd_context_t *ctx UNUSED, const fastd_mac_state_t *sta } static void ghash_free_state(fastd_context_t *ctx UNUSED, fastd_mac_state_t *state) { - free(state); + if (state) { + secure_memzero(state, sizeof(*state)); + free(state); + } } static void ghash_free(fastd_context_t *ctx UNUSED, fastd_mac_context_t *mctx UNUSED) { -- cgit v1.2.3