Force cleanup before return

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
This commit is contained in:
gabor-mezei-arm 2020-08-19 14:01:03 +02:00
parent 461c5a89df
commit 77d9401705
No known key found for this signature in database
GPG key ID: 106F5A41ECC305BD

View file

@ -252,7 +252,7 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p
unsigned int iteration_count, unsigned int iteration_count,
uint32_t key_length, unsigned char *output ) uint32_t key_length, unsigned char *output )
{ {
int ret, j; int ret = 0, j;
unsigned int i; unsigned int i;
unsigned char md1[MBEDTLS_MD_MAX_SIZE]; unsigned char md1[MBEDTLS_MD_MAX_SIZE];
unsigned char work[MBEDTLS_MD_MAX_SIZE]; unsigned char work[MBEDTLS_MD_MAX_SIZE];
@ -274,16 +274,16 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p
// U1 ends up in work // U1 ends up in work
// //
if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 ) if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = mbedtls_md_hmac_update( ctx, salt, slen ) ) != 0 ) if( ( ret = mbedtls_md_hmac_update( ctx, salt, slen ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = mbedtls_md_hmac_update( ctx, counter, 4 ) ) != 0 ) if( ( ret = mbedtls_md_hmac_update( ctx, counter, 4 ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = mbedtls_md_hmac_finish( ctx, work ) ) != 0 ) if( ( ret = mbedtls_md_hmac_finish( ctx, work ) ) != 0 )
return( ret ); goto cleanup;
memcpy( md1, work, md_size ); memcpy( md1, work, md_size );
@ -292,13 +292,13 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p
// U2 ends up in md1 // U2 ends up in md1
// //
if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 ) if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = mbedtls_md_hmac_update( ctx, md1, md_size ) ) != 0 ) if( ( ret = mbedtls_md_hmac_update( ctx, md1, md_size ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = mbedtls_md_hmac_finish( ctx, md1 ) ) != 0 ) if( ( ret = mbedtls_md_hmac_finish( ctx, md1 ) ) != 0 )
return( ret ); goto cleanup;
// U1 xor U2 // U1 xor U2
// //
@ -317,11 +317,12 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p
break; break;
} }
cleanup:
/* Zeroise buffers to clear sensitive data from memory. */ /* Zeroise buffers to clear sensitive data from memory. */
mbedtls_zeroize( work, MBEDTLS_MD_MAX_SIZE ); mbedtls_zeroize( work, MBEDTLS_MD_MAX_SIZE );
mbedtls_zeroize( md1, MBEDTLS_MD_MAX_SIZE ); mbedtls_zeroize( md1, MBEDTLS_MD_MAX_SIZE );
return( 0 ); return( ret );
} }
#if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_SELF_TEST)