mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 13:05:28 +00:00
Modify zeroize internal buffers in md modules
Modify all the following functions to zeroize an internal buffer before exiting the function. The buffer could potentially contain confidential data read from a file. * md2_file() * md4_file() * md5_file() * ripemd160_file() * sha1_file() * sha256_file() * sha512_file()
This commit is contained in:
parent
2d829fb4b3
commit
3d98b97442
|
@ -217,6 +217,7 @@ void md2( const unsigned char *input, size_t ilen, unsigned char output[16] )
|
|||
*/
|
||||
int md2_file( const char *path, unsigned char output[16] )
|
||||
{
|
||||
int ret = 0;
|
||||
FILE *f;
|
||||
size_t n;
|
||||
md2_context ctx;
|
||||
|
@ -231,17 +232,16 @@ int md2_file( const char *path, unsigned char output[16] )
|
|||
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
||||
md2_update( &ctx, buf, n );
|
||||
|
||||
md2_finish( &ctx, output );
|
||||
md2_free( &ctx );
|
||||
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
fclose( f );
|
||||
return( POLARSSL_ERR_MD2_FILE_IO_ERROR );
|
||||
}
|
||||
ret = POLARSSL_ERR_MD2_FILE_IO_ERROR;
|
||||
else
|
||||
md2_finish( &ctx, output );
|
||||
|
||||
md2_free( &ctx );
|
||||
polarssl_zeroize( buf, sizeof( buf ) );
|
||||
fclose( f );
|
||||
return( 0 );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_FS_IO */
|
||||
|
||||
|
|
|
@ -313,6 +313,7 @@ void md4( const unsigned char *input, size_t ilen, unsigned char output[16] )
|
|||
*/
|
||||
int md4_file( const char *path, unsigned char output[16] )
|
||||
{
|
||||
int ret = 0;
|
||||
FILE *f;
|
||||
size_t n;
|
||||
md4_context ctx;
|
||||
|
@ -327,17 +328,16 @@ int md4_file( const char *path, unsigned char output[16] )
|
|||
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
||||
md4_update( &ctx, buf, n );
|
||||
|
||||
md4_finish( &ctx, output );
|
||||
md4_free( &ctx );
|
||||
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
fclose( f );
|
||||
return( POLARSSL_ERR_MD4_FILE_IO_ERROR );
|
||||
}
|
||||
ret = POLARSSL_ERR_MD4_FILE_IO_ERROR;
|
||||
else
|
||||
md4_finish( &ctx, output );
|
||||
|
||||
md4_free( &ctx );
|
||||
polarssl_zeroize( buf, sizeof( buf ) );
|
||||
fclose( f );
|
||||
return( 0 );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_FS_IO */
|
||||
|
||||
|
|
|
@ -330,6 +330,7 @@ void md5( const unsigned char *input, size_t ilen, unsigned char output[16] )
|
|||
*/
|
||||
int md5_file( const char *path, unsigned char output[16] )
|
||||
{
|
||||
int ret = 0;
|
||||
FILE *f;
|
||||
size_t n;
|
||||
md5_context ctx;
|
||||
|
@ -344,17 +345,16 @@ int md5_file( const char *path, unsigned char output[16] )
|
|||
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
||||
md5_update( &ctx, buf, n );
|
||||
|
||||
md5_finish( &ctx, output );
|
||||
md5_free( &ctx );
|
||||
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
fclose( f );
|
||||
return( POLARSSL_ERR_MD5_FILE_IO_ERROR );
|
||||
}
|
||||
ret = POLARSSL_ERR_MD5_FILE_IO_ERROR;
|
||||
else
|
||||
md5_finish( &ctx, output );
|
||||
|
||||
md5_free( &ctx );
|
||||
polarssl_zeroize( buf, sizeof( buf ) );
|
||||
fclose( f );
|
||||
return( 0 );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_FS_IO */
|
||||
|
||||
|
|
|
@ -388,6 +388,7 @@ void ripemd160( const unsigned char *input, size_t ilen,
|
|||
*/
|
||||
int ripemd160_file( const char *path, unsigned char output[20] )
|
||||
{
|
||||
int ret = 0;
|
||||
FILE *f;
|
||||
size_t n;
|
||||
ripemd160_context ctx;
|
||||
|
@ -402,17 +403,16 @@ int ripemd160_file( const char *path, unsigned char output[20] )
|
|||
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
||||
ripemd160_update( &ctx, buf, n );
|
||||
|
||||
ripemd160_finish( &ctx, output );
|
||||
ripemd160_free( &ctx );
|
||||
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
fclose( f );
|
||||
return( POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR );
|
||||
}
|
||||
ret = POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR;
|
||||
else
|
||||
ripemd160_finish( &ctx, output );
|
||||
|
||||
ripemd160_free( &ctx );
|
||||
polarssl_zeroize( buf, sizeof( buf ) );
|
||||
fclose( f );
|
||||
return( 0 );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_FS_IO */
|
||||
|
||||
|
|
|
@ -363,6 +363,7 @@ void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
|
|||
*/
|
||||
int sha1_file( const char *path, unsigned char output[20] )
|
||||
{
|
||||
int ret = 0;
|
||||
FILE *f;
|
||||
size_t n;
|
||||
sha1_context ctx;
|
||||
|
@ -377,17 +378,16 @@ int sha1_file( const char *path, unsigned char output[20] )
|
|||
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
||||
sha1_update( &ctx, buf, n );
|
||||
|
||||
sha1_finish( &ctx, output );
|
||||
sha1_free( &ctx );
|
||||
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
fclose( f );
|
||||
return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
|
||||
}
|
||||
ret = POLARSSL_ERR_SHA1_FILE_IO_ERROR;
|
||||
else
|
||||
sha1_finish( &ctx, output );
|
||||
|
||||
sha1_free( &ctx );
|
||||
polarssl_zeroize( buf, sizeof( buf ) );
|
||||
fclose( f );
|
||||
return( 0 );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_FS_IO */
|
||||
|
||||
|
|
|
@ -366,6 +366,7 @@ void sha256( const unsigned char *input, size_t ilen,
|
|||
*/
|
||||
int sha256_file( const char *path, unsigned char output[32], int is224 )
|
||||
{
|
||||
int ret = 0;
|
||||
FILE *f;
|
||||
size_t n;
|
||||
sha256_context ctx;
|
||||
|
@ -380,17 +381,16 @@ int sha256_file( const char *path, unsigned char output[32], int is224 )
|
|||
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
||||
sha256_update( &ctx, buf, n );
|
||||
|
||||
sha256_finish( &ctx, output );
|
||||
sha256_free( &ctx );
|
||||
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
fclose( f );
|
||||
return( POLARSSL_ERR_SHA256_FILE_IO_ERROR );
|
||||
}
|
||||
ret = POLARSSL_ERR_SHA256_FILE_IO_ERROR;
|
||||
else
|
||||
sha256_finish( &ctx, output );
|
||||
|
||||
sha256_free( &ctx );
|
||||
polarssl_zeroize( buf, sizeof( buf ) );
|
||||
fclose( f );
|
||||
return( 0 );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_FS_IO */
|
||||
|
||||
|
|
|
@ -370,6 +370,7 @@ void sha512( const unsigned char *input, size_t ilen,
|
|||
*/
|
||||
int sha512_file( const char *path, unsigned char output[64], int is384 )
|
||||
{
|
||||
int ret = 0;
|
||||
FILE *f;
|
||||
size_t n;
|
||||
sha512_context ctx;
|
||||
|
@ -384,17 +385,16 @@ int sha512_file( const char *path, unsigned char output[64], int is384 )
|
|||
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
||||
sha512_update( &ctx, buf, n );
|
||||
|
||||
sha512_finish( &ctx, output );
|
||||
sha512_free( &ctx );
|
||||
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
fclose( f );
|
||||
return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
|
||||
}
|
||||
ret = POLARSSL_ERR_SHA512_FILE_IO_ERROR;
|
||||
else
|
||||
sha512_finish( &ctx, output );
|
||||
|
||||
sha512_free( &ctx );
|
||||
polarssl_zeroize( buf, sizeof( buf ) );
|
||||
fclose( f );
|
||||
return( 0 );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_FS_IO */
|
||||
|
||||
|
|
Loading…
Reference in a new issue