Modify zeroize internal buffers in md modules

Modify all the following functions to zeroize an internal buffer before
exiting the function. The buffer could potentially contain confidential
data read from a file.

* md2_file()
* md4_file()
* md5_file()
* ripemd160_file()
* sha1_file()
* sha256_file()
* sha512_file()
Andres Amaya Garcia 2017-09-20 11:47:49 +01:00
parent 2d829fb4b3
commit 3d98b97442
7 changed files with 56 additions and 56 deletions


@ -217,6 +217,7 @@ void md2( const unsigned char *input, size_t ilen, unsigned char output[16] )
*/ */
int md2_file( const char *path, unsigned char output[16] ) int md2_file( const char *path, unsigned char output[16] )
{ {
int ret = 0;
FILE *f; FILE *f;
size_t n; size_t n;
md2_context ctx; md2_context ctx;
@ -231,17 +232,16 @@ int md2_file( const char *path, unsigned char output[16] )
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
md2_update( &ctx, buf, n ); md2_update( &ctx, buf, n );
md2_finish( &ctx, output );
md2_free( &ctx );
if( ferror( f ) != 0 ) if( ferror( f ) != 0 )
{ ret = POLARSSL_ERR_MD2_FILE_IO_ERROR;
fclose( f ); else
return( POLARSSL_ERR_MD2_FILE_IO_ERROR ); md2_finish( &ctx, output );
}
md2_free( &ctx );
polarssl_zeroize( buf, sizeof( buf ) );
fclose( f ); fclose( f );
return( 0 );
return( ret );
} }
#endif /* POLARSSL_FS_IO */ #endif /* POLARSSL_FS_IO */
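Review bot: The added `polarssl_zeroize( buf, sizeof( buf ) )` wipes only the function's own copy of the data; the stdio stream `f` has a library-owned buffer that still holds the last block read, and `fclose( f )` releases it without clearing. If the aim is that no file contents linger after md2_file() returns, make the stream unbuffered right after it is opened, e.g. `setbuf( f, NULL );`, so reads typically land in `buf` rather than passing through a second buffer. The fopen() call lies outside the visible hunks, so the exact placement has to be checked there. The same gap applies to md4_file(), md5_file(), ripemd160_file(), sha1_file(), sha256_file() and sha512_file().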


@ -313,6 +313,7 @@ void md4( const unsigned char *input, size_t ilen, unsigned char output[16] )
*/ */
int md4_file( const char *path, unsigned char output[16] ) int md4_file( const char *path, unsigned char output[16] )
{ {
int ret = 0;
FILE *f; FILE *f;
size_t n; size_t n;
md4_context ctx; md4_context ctx;
@ -327,17 +328,16 @@ int md4_file( const char *path, unsigned char output[16] )
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
md4_update( &ctx, buf, n ); md4_update( &ctx, buf, n );
md4_finish( &ctx, output );
md4_free( &ctx );
if( ferror( f ) != 0 ) if( ferror( f ) != 0 )
{ ret = POLARSSL_ERR_MD4_FILE_IO_ERROR;
fclose( f ); else
return( POLARSSL_ERR_MD4_FILE_IO_ERROR ); md4_finish( &ctx, output );
}
md4_free( &ctx );
polarssl_zeroize( buf, sizeof( buf ) );
fclose( f ); fclose( f );
return( 0 );
return( ret );
} }
#endif /* POLARSSL_FS_IO */ #endif /* POLARSSL_FS_IO */
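Review bot: On a read error `output` is now left unwritten, because `md4_finish( &ctx, output )` moved into the `else` branch; before this change the buffer always received a digest of the partial data ahead of the ferror() check. A caller that ignores the return code would now use whatever bytes `output` held beforehand, possibly uninitialised memory, as if it were a hash. The comment above the function, which starts outside the hunk, should state this, e.g. `/* On a read error output is not written; callers must check the return value. */`. This holds for all seven *_file() functions touched by the commit.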


@ -330,6 +330,7 @@ void md5( const unsigned char *input, size_t ilen, unsigned char output[16] )
*/ */
int md5_file( const char *path, unsigned char output[16] ) int md5_file( const char *path, unsigned char output[16] )
{ {
int ret = 0;
FILE *f; FILE *f;
size_t n; size_t n;
md5_context ctx; md5_context ctx;
@ -344,17 +345,16 @@ int md5_file( const char *path, unsigned char output[16] )
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
md5_update( &ctx, buf, n ); md5_update( &ctx, buf, n );
md5_finish( &ctx, output );
md5_free( &ctx );
if( ferror( f ) != 0 ) if( ferror( f ) != 0 )
{ ret = POLARSSL_ERR_MD5_FILE_IO_ERROR;
fclose( f ); else
return( POLARSSL_ERR_MD5_FILE_IO_ERROR ); md5_finish( &ctx, output );
}
md5_free( &ctx );
polarssl_zeroize( buf, sizeof( buf ) );
fclose( f ); fclose( f );
return( 0 );
return( ret );
} }
#endif /* POLARSSL_FS_IO */ #endif /* POLARSSL_FS_IO */


@ -388,6 +388,7 @@ void ripemd160( const unsigned char *input, size_t ilen,
*/ */
int ripemd160_file( const char *path, unsigned char output[20] ) int ripemd160_file( const char *path, unsigned char output[20] )
{ {
int ret = 0;
FILE *f; FILE *f;
size_t n; size_t n;
ripemd160_context ctx; ripemd160_context ctx;
@ -402,17 +403,16 @@ int ripemd160_file( const char *path, unsigned char output[20] )
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
ripemd160_update( &ctx, buf, n ); ripemd160_update( &ctx, buf, n );
ripemd160_finish( &ctx, output );
ripemd160_free( &ctx );
if( ferror( f ) != 0 ) if( ferror( f ) != 0 )
{ ret = POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR;
fclose( f ); else
return( POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR ); ripemd160_finish( &ctx, output );
}
ripemd160_free( &ctx );
polarssl_zeroize( buf, sizeof( buf ) );
fclose( f ); fclose( f );
return( 0 );
return( ret );
} }
#endif /* POLARSSL_FS_IO */ #endif /* POLARSSL_FS_IO */


@ -363,6 +363,7 @@ void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
*/ */
int sha1_file( const char *path, unsigned char output[20] ) int sha1_file( const char *path, unsigned char output[20] )
{ {
int ret = 0;
FILE *f; FILE *f;
size_t n; size_t n;
sha1_context ctx; sha1_context ctx;
@ -377,17 +378,16 @@ int sha1_file( const char *path, unsigned char output[20] )
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
sha1_update( &ctx, buf, n ); sha1_update( &ctx, buf, n );
sha1_finish( &ctx, output );
sha1_free( &ctx );
if( ferror( f ) != 0 ) if( ferror( f ) != 0 )
{ ret = POLARSSL_ERR_SHA1_FILE_IO_ERROR;
fclose( f ); else
return( POLARSSL_ERR_SHA1_FILE_IO_ERROR ); sha1_finish( &ctx, output );
}
sha1_free( &ctx );
polarssl_zeroize( buf, sizeof( buf ) );
fclose( f ); fclose( f );
return( 0 );
return( ret );
} }
#endif /* POLARSSL_FS_IO */ #endif /* POLARSSL_FS_IO */


@ -366,6 +366,7 @@ void sha256( const unsigned char *input, size_t ilen,
*/ */
int sha256_file( const char *path, unsigned char output[32], int is224 ) int sha256_file( const char *path, unsigned char output[32], int is224 )
{ {
int ret = 0;
FILE *f; FILE *f;
size_t n; size_t n;
sha256_context ctx; sha256_context ctx;
@ -380,17 +381,16 @@ int sha256_file( const char *path, unsigned char output[32], int is224 )
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
sha256_update( &ctx, buf, n ); sha256_update( &ctx, buf, n );
sha256_finish( &ctx, output );
sha256_free( &ctx );
if( ferror( f ) != 0 ) if( ferror( f ) != 0 )
{ ret = POLARSSL_ERR_SHA256_FILE_IO_ERROR;
fclose( f ); else
return( POLARSSL_ERR_SHA256_FILE_IO_ERROR ); sha256_finish( &ctx, output );
}
sha256_free( &ctx );
polarssl_zeroize( buf, sizeof( buf ) );
fclose( f ); fclose( f );
return( 0 );
return( ret );
} }
#endif /* POLARSSL_FS_IO */ #endif /* POLARSSL_FS_IO */


@ -370,6 +370,7 @@ void sha512( const unsigned char *input, size_t ilen,
*/ */
int sha512_file( const char *path, unsigned char output[64], int is384 ) int sha512_file( const char *path, unsigned char output[64], int is384 )
{ {
int ret = 0;
FILE *f; FILE *f;
size_t n; size_t n;
sha512_context ctx; sha512_context ctx;
@ -384,17 +385,16 @@ int sha512_file( const char *path, unsigned char output[64], int is384 )
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
sha512_update( &ctx, buf, n ); sha512_update( &ctx, buf, n );
sha512_finish( &ctx, output );
sha512_free( &ctx );
if( ferror( f ) != 0 ) if( ferror( f ) != 0 )
{ ret = POLARSSL_ERR_SHA512_FILE_IO_ERROR;
fclose( f ); else
return( POLARSSL_ERR_SHA512_FILE_IO_ERROR ); sha512_finish( &ctx, output );
}
sha512_free( &ctx );
polarssl_zeroize( buf, sizeof( buf ) );
fclose( f ); fclose( f );
return( 0 );
return( ret );
} }
#endif /* POLARSSL_FS_IO */ #endif /* POLARSSL_FS_IO */