From 8188d392af61d86454ff893bfe06f932d5f03042 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 27 Jun 2017 08:46:50 +0100
Subject: [PATCH] Reliably zeroize sensitive data in Crypt-and-Hash sample application

The AES sample application programs/aes/crypt_and_hash could miss zeroizing the stack-based key buffer in case of an error during operation. This commit fixes this and also clears all command line arguments (one of which might be the key) before exit.
---
 programs/aes/crypt_and_hash.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index be05d982c..30b981a9d 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -220,8 +220,6 @@ int main( int argc, char *argv[] )
 } }
- memset( argv[6], 0, strlen( argv[6] ) );
-
 #if defined(_WIN32_WCE)
 filesize = fseek( fin, 0L, SEEK_END );
 #else
@@ -299,8 +297,6 @@ int main( int argc, char *argv[] )
 }
- memset( key, 0, sizeof( key ) );
-
 if( cipher_setkey( &cipher_ctx, digest, cipher_info->key_length, POLARSSL_ENCRYPT ) != 0 ) {
@@ -434,8 +430,6 @@ int main( int argc, char *argv[] )
 md_finish( &md_ctx, digest );
 }
- memset( key, 0, sizeof( key ) );
-
 if( cipher_setkey( &cipher_ctx, digest, cipher_info->key_length, POLARSSL_DECRYPT ) != 0 ) {
@@ -539,7 +533,16 @@ exit:
 if( fout ) fclose( fout );
+ /* Zeroize all command line arguments to also cover
+ the case when the user has missed or reordered some,
+ in which case the key might not be in argv[6]. */
+ for( i = 0; i < argc; i++ )
+ memset( argv[i], 0, strlen( argv[i] ) );
+
+ memset( IV, 0, sizeof( IV ) );
+ memset( key, 0, sizeof( key ) );
 memset( buffer, 0, sizeof( buffer ) );
+ memset( output, 0, sizeof( output ) );
 memset( digest, 0, sizeof( digest ) );
 cipher_free( &cipher_ctx );
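Review bot: The plain `memset` calls added under `exit:` may not survive optimisation: as far as this hunk shows, `IV`, `key`, `buffer`, `output` and `digest` are never read again after these stores, so a compiler is permitted to drop them as dead stores. Writing through a volatile pointer keeps them, for example a file-local helper `static void zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; }` called in place of each `memset` here. Separately, the earlier hunks remove the wipes of `argv[6]` and `key` that ran right after use, so the key now stays in the process arguments and on the stack for the whole file pass; keeping those early clears in addition to the exit-path ones would hold the exposure window where it was. `main` starts and ends outside this hunk, so whether every error path actually reaches `exit:` cannot be confirmed from here.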