mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-02 00:24:19 +01:00
Modify zeroize internal buffers in md modules
Modify all the following functions to zeroize an internal buffer before exiting the function. The buffer could potentially contain confidential data read from a file. * md2_file() * md4_file() * md5_file() * ripemd160_file() * sha1_file() * sha256_file() * sha512_file()
This commit is contained in:
parent
2d829fb4b3
commit
3d98b97442
@ -217,6 +217,7 @@ void md2( const unsigned char *input, size_t ilen, unsigned char output[16] )
|
|||||||
*/
|
*/
|
||||||
int md2_file( const char *path, unsigned char output[16] )
|
int md2_file( const char *path, unsigned char output[16] )
|
||||||
{
|
{
|
||||||
|
int ret = 0;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
size_t n;
|
size_t n;
|
||||||
md2_context ctx;
|
md2_context ctx;
|
||||||
@ -231,17 +232,16 @@ int md2_file( const char *path, unsigned char output[16] )
|
|||||||
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
||||||
md2_update( &ctx, buf, n );
|
md2_update( &ctx, buf, n );
|
||||||
|
|
||||||
md2_finish( &ctx, output );
|
|
||||||
md2_free( &ctx );
|
|
||||||
|
|
||||||
if( ferror( f ) != 0 )
|
if( ferror( f ) != 0 )
|
||||||
{
|
ret = POLARSSL_ERR_MD2_FILE_IO_ERROR;
|
||||||
fclose( f );
|
else
|
||||||
return( POLARSSL_ERR_MD2_FILE_IO_ERROR );
|
md2_finish( &ctx, output );
|
||||||
}
|
|
||||||
|
|
||||||
|
md2_free( &ctx );
|
||||||
|
polarssl_zeroize( buf, sizeof( buf ) );
|
||||||
fclose( f );
|
fclose( f );
|
||||||
return( 0 );
|
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_FS_IO */
|
#endif /* POLARSSL_FS_IO */
|
||||||
|
|
||||||
|
@ -313,6 +313,7 @@ void md4( const unsigned char *input, size_t ilen, unsigned char output[16] )
|
|||||||
*/
|
*/
|
||||||
int md4_file( const char *path, unsigned char output[16] )
|
int md4_file( const char *path, unsigned char output[16] )
|
||||||
{
|
{
|
||||||
|
int ret = 0;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
size_t n;
|
size_t n;
|
||||||
md4_context ctx;
|
md4_context ctx;
|
||||||
@ -327,17 +328,16 @@ int md4_file( const char *path, unsigned char output[16] )
|
|||||||
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
||||||
md4_update( &ctx, buf, n );
|
md4_update( &ctx, buf, n );
|
||||||
|
|
||||||
md4_finish( &ctx, output );
|
|
||||||
md4_free( &ctx );
|
|
||||||
|
|
||||||
if( ferror( f ) != 0 )
|
if( ferror( f ) != 0 )
|
||||||
{
|
ret = POLARSSL_ERR_MD4_FILE_IO_ERROR;
|
||||||
fclose( f );
|
else
|
||||||
return( POLARSSL_ERR_MD4_FILE_IO_ERROR );
|
md4_finish( &ctx, output );
|
||||||
}
|
|
||||||
|
|
||||||
|
md4_free( &ctx );
|
||||||
|
polarssl_zeroize( buf, sizeof( buf ) );
|
||||||
fclose( f );
|
fclose( f );
|
||||||
return( 0 );
|
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_FS_IO */
|
#endif /* POLARSSL_FS_IO */
|
||||||
|
|
||||||
|
@ -330,6 +330,7 @@ void md5( const unsigned char *input, size_t ilen, unsigned char output[16] )
|
|||||||
*/
|
*/
|
||||||
int md5_file( const char *path, unsigned char output[16] )
|
int md5_file( const char *path, unsigned char output[16] )
|
||||||
{
|
{
|
||||||
|
int ret = 0;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
size_t n;
|
size_t n;
|
||||||
md5_context ctx;
|
md5_context ctx;
|
||||||
@ -344,17 +345,16 @@ int md5_file( const char *path, unsigned char output[16] )
|
|||||||
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
||||||
md5_update( &ctx, buf, n );
|
md5_update( &ctx, buf, n );
|
||||||
|
|
||||||
md5_finish( &ctx, output );
|
|
||||||
md5_free( &ctx );
|
|
||||||
|
|
||||||
if( ferror( f ) != 0 )
|
if( ferror( f ) != 0 )
|
||||||
{
|
ret = POLARSSL_ERR_MD5_FILE_IO_ERROR;
|
||||||
fclose( f );
|
else
|
||||||
return( POLARSSL_ERR_MD5_FILE_IO_ERROR );
|
md5_finish( &ctx, output );
|
||||||
}
|
|
||||||
|
|
||||||
|
md5_free( &ctx );
|
||||||
|
polarssl_zeroize( buf, sizeof( buf ) );
|
||||||
fclose( f );
|
fclose( f );
|
||||||
return( 0 );
|
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_FS_IO */
|
#endif /* POLARSSL_FS_IO */
|
||||||
|
|
||||||
|
@ -388,6 +388,7 @@ void ripemd160( const unsigned char *input, size_t ilen,
|
|||||||
*/
|
*/
|
||||||
int ripemd160_file( const char *path, unsigned char output[20] )
|
int ripemd160_file( const char *path, unsigned char output[20] )
|
||||||
{
|
{
|
||||||
|
int ret = 0;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
size_t n;
|
size_t n;
|
||||||
ripemd160_context ctx;
|
ripemd160_context ctx;
|
||||||
@ -402,17 +403,16 @@ int ripemd160_file( const char *path, unsigned char output[20] )
|
|||||||
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
||||||
ripemd160_update( &ctx, buf, n );
|
ripemd160_update( &ctx, buf, n );
|
||||||
|
|
||||||
ripemd160_finish( &ctx, output );
|
|
||||||
ripemd160_free( &ctx );
|
|
||||||
|
|
||||||
if( ferror( f ) != 0 )
|
if( ferror( f ) != 0 )
|
||||||
{
|
ret = POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR;
|
||||||
fclose( f );
|
else
|
||||||
return( POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR );
|
ripemd160_finish( &ctx, output );
|
||||||
}
|
|
||||||
|
|
||||||
|
ripemd160_free( &ctx );
|
||||||
|
polarssl_zeroize( buf, sizeof( buf ) );
|
||||||
fclose( f );
|
fclose( f );
|
||||||
return( 0 );
|
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_FS_IO */
|
#endif /* POLARSSL_FS_IO */
|
||||||
|
|
||||||
|
@ -363,6 +363,7 @@ void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
|
|||||||
*/
|
*/
|
||||||
int sha1_file( const char *path, unsigned char output[20] )
|
int sha1_file( const char *path, unsigned char output[20] )
|
||||||
{
|
{
|
||||||
|
int ret = 0;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
size_t n;
|
size_t n;
|
||||||
sha1_context ctx;
|
sha1_context ctx;
|
||||||
@ -377,17 +378,16 @@ int sha1_file( const char *path, unsigned char output[20] )
|
|||||||
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
||||||
sha1_update( &ctx, buf, n );
|
sha1_update( &ctx, buf, n );
|
||||||
|
|
||||||
sha1_finish( &ctx, output );
|
|
||||||
sha1_free( &ctx );
|
|
||||||
|
|
||||||
if( ferror( f ) != 0 )
|
if( ferror( f ) != 0 )
|
||||||
{
|
ret = POLARSSL_ERR_SHA1_FILE_IO_ERROR;
|
||||||
fclose( f );
|
else
|
||||||
return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
|
sha1_finish( &ctx, output );
|
||||||
}
|
|
||||||
|
|
||||||
|
sha1_free( &ctx );
|
||||||
|
polarssl_zeroize( buf, sizeof( buf ) );
|
||||||
fclose( f );
|
fclose( f );
|
||||||
return( 0 );
|
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_FS_IO */
|
#endif /* POLARSSL_FS_IO */
|
||||||
|
|
||||||
|
@ -366,6 +366,7 @@ void sha256( const unsigned char *input, size_t ilen,
|
|||||||
*/
|
*/
|
||||||
int sha256_file( const char *path, unsigned char output[32], int is224 )
|
int sha256_file( const char *path, unsigned char output[32], int is224 )
|
||||||
{
|
{
|
||||||
|
int ret = 0;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
size_t n;
|
size_t n;
|
||||||
sha256_context ctx;
|
sha256_context ctx;
|
||||||
@ -380,17 +381,16 @@ int sha256_file( const char *path, unsigned char output[32], int is224 )
|
|||||||
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
||||||
sha256_update( &ctx, buf, n );
|
sha256_update( &ctx, buf, n );
|
||||||
|
|
||||||
sha256_finish( &ctx, output );
|
|
||||||
sha256_free( &ctx );
|
|
||||||
|
|
||||||
if( ferror( f ) != 0 )
|
if( ferror( f ) != 0 )
|
||||||
{
|
ret = POLARSSL_ERR_SHA256_FILE_IO_ERROR;
|
||||||
fclose( f );
|
else
|
||||||
return( POLARSSL_ERR_SHA256_FILE_IO_ERROR );
|
sha256_finish( &ctx, output );
|
||||||
}
|
|
||||||
|
|
||||||
|
sha256_free( &ctx );
|
||||||
|
polarssl_zeroize( buf, sizeof( buf ) );
|
||||||
fclose( f );
|
fclose( f );
|
||||||
return( 0 );
|
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_FS_IO */
|
#endif /* POLARSSL_FS_IO */
|
||||||
|
|
||||||
|
@ -370,6 +370,7 @@ void sha512( const unsigned char *input, size_t ilen,
|
|||||||
*/
|
*/
|
||||||
int sha512_file( const char *path, unsigned char output[64], int is384 )
|
int sha512_file( const char *path, unsigned char output[64], int is384 )
|
||||||
{
|
{
|
||||||
|
int ret = 0;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
size_t n;
|
size_t n;
|
||||||
sha512_context ctx;
|
sha512_context ctx;
|
||||||
@ -384,17 +385,16 @@ int sha512_file( const char *path, unsigned char output[64], int is384 )
|
|||||||
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
||||||
sha512_update( &ctx, buf, n );
|
sha512_update( &ctx, buf, n );
|
||||||
|
|
||||||
sha512_finish( &ctx, output );
|
|
||||||
sha512_free( &ctx );
|
|
||||||
|
|
||||||
if( ferror( f ) != 0 )
|
if( ferror( f ) != 0 )
|
||||||
{
|
ret = POLARSSL_ERR_SHA512_FILE_IO_ERROR;
|
||||||
fclose( f );
|
else
|
||||||
return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
|
sha512_finish( &ctx, output );
|
||||||
}
|
|
||||||
|
|
||||||
|
sha512_free( &ctx );
|
||||||
|
polarssl_zeroize( buf, sizeof( buf ) );
|
||||||
fclose( f );
|
fclose( f );
|
||||||
return( 0 );
|
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_FS_IO */
|
#endif /* POLARSSL_FS_IO */
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user