yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-18 10:21:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Zeroize internal buffers and variables in MD hashes

Browse source 
Zeroising of local buffers and variables which are used for calculations in
mbedtls_internal_md*_process() and mbedtls_internal_ripemd160_process()
functions to erase sensitive data from memory.
Checked all function for possible missing zeroisation in MD.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
This commit is contained in:
gabor-mezei-arm 2020-08-19 14:03:06 +02:00
parent 5feba8dae1
commit f21639fc2f
No known key found for this signature in database
GPG key ID: 106F5A41ECC305BD
5 changed files with 32 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
ChangeLog.d/zeroizations_of_sensitive_data_in_PKCS5_and_SHA.txt
View file

@ -1,5 +1,6 @@
Security Security
* Zeroising of local buffers and variables which are used for calculations * Zeroising of local buffers and variables which are used for calculations
in mbedtls_pkcs5_pbkdf2_hmac() and mbedtls_internal_sha*_process() in mbedtls_pkcs5_pbkdf2_hmac(), mbedtls_internal_sha*_process(),
mbedtls_internal_md*_process() and mbedtls_internal_ripemd160_process()
functions to erase sensitive data from memory. Reported by functions to erase sensitive data from memory. Reported by
Johan Malmgren and Johan Uppman Bruce from Sectra. Johan Malmgren and Johan Uppman Bruce from Sectra.

3
library/md2.c
View file

@ -177,6 +177,9 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx )
t = ctx->cksum[i]; t = ctx->cksum[i];
} }
/* Zeroise variables to clear sensitive data from memory. */
mbedtls_platform_zeroize( &t, sizeof( t ) );
return( 0 ); return( 0 );
} }

7
library/md4.c
View file

@ -259,6 +259,13 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
ctx->state[2] += C; ctx->state[2] += C;
ctx->state[3] += D; ctx->state[3] += D;
/* Zeroise variables to clear sensitive data from memory. */
mbedtls_platform_zeroize( &X, sizeof( X ) );
mbedtls_platform_zeroize( &A, sizeof( A ) );
mbedtls_platform_zeroize( &B, sizeof( B ) );
mbedtls_platform_zeroize( &C, sizeof( C ) );
mbedtls_platform_zeroize( &D, sizeof( D ) );
return( 0 ); return( 0 );
} }

7
library/md5.c
View file

@ -265,6 +265,13 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
ctx->state[2] += C; ctx->state[2] += C;
ctx->state[3] += D; ctx->state[3] += D;
/* Zeroise variables to clear sensitive data from memory. */
mbedtls_platform_zeroize( &X, sizeof( X ) );
mbedtls_platform_zeroize( &A, sizeof( A ) );
mbedtls_platform_zeroize( &B, sizeof( B ) );
mbedtls_platform_zeroize( &C, sizeof( C ) );
mbedtls_platform_zeroize( &D, sizeof( D ) );
return( 0 ); return( 0 );
} }

13
library/ripemd160.c
View file

@ -328,6 +328,19 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
ctx->state[4] = ctx->state[0] + B + Cp; ctx->state[4] = ctx->state[0] + B + Cp;
ctx->state[0] = C; ctx->state[0] = C;
/* Zeroise variables to clear sensitive data from memory. */
mbedtls_platform_zeroize( &A, sizeof( A ) );
mbedtls_platform_zeroize( &B, sizeof( B ) );
mbedtls_platform_zeroize( &C, sizeof( C ) );
mbedtls_platform_zeroize( &D, sizeof( D ) );
mbedtls_platform_zeroize( &E, sizeof( E ) );
mbedtls_platform_zeroize( &Ap, sizeof( Ap ) );
mbedtls_platform_zeroize( &Bp, sizeof( Bp ) );
mbedtls_platform_zeroize( &Cp, sizeof( Cp ) );
mbedtls_platform_zeroize( &Dp, sizeof( Dp ) );
mbedtls_platform_zeroize( &Ep, sizeof( Ep ) );
mbedtls_platform_zeroize( &X, sizeof( X ) );
return( 0 ); return( 0 );
} }