From 43c19648dbefa90d2c52136ecb2cee884caab1e4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 Nov 2018 16:37:23 +0100 Subject: [PATCH] Wipe stack buffers in block_cipher_df This is a partial backport of 1b3649906261dfaafcc5b8750279a0012c1c604a (only for the buffer wiping). Other wiping calls were previously added as backports of "CTR_DRBG: clean stack buffers" (d9aa84dc0d42dcb5e23ba2bb47ce39592193b8f1). This completes the backporting of stack buffer wiping from the development branch. --- library/ctr_drbg.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index c023c699e..d3888483a 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -226,6 +226,10 @@ static int block_cipher_df( unsigned char *output, mbedtls_aes_free( &aes_ctx ); + mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_zeroize( tmp, sizeof( tmp ) ); + mbedtls_zeroize( key, sizeof( key ) ); + mbedtls_zeroize( chain, sizeof( chain ) ); return( 0 ); }