cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Zeroize values in PKCS#12 operations

Browse Source
This commit is contained in:
Paul Bakker 2014-06-18 13:59:38 +02:00
parent 39daf6620c
commit 91c301abbe
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
library/pkcs12.c
View File

@ -49,6 +49,11 @@
#include "polarssl/des.h" #include "polarssl/des.h"
#endif #endif
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
static int pkcs12_parse_pbe_params( asn1_buf *params, static int pkcs12_parse_pbe_params( asn1_buf *params,
asn1_buf *salt, int *iterations ) asn1_buf *salt, int *iterations )
{ {
@ -205,6 +210,8 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode,
ret = POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH; ret = POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH;
exit: exit:
polarssl_zeroize( key, sizeof( key ) );
polarssl_zeroize( iv, sizeof( iv ) );
cipher_free_ctx( &cipher_ctx ); cipher_free_ctx( &cipher_ctx );
return( ret ); return( ret );
@ -330,6 +337,11 @@ int pkcs12_derivation( unsigned char *data, size_t datalen,
ret = 0; ret = 0;
exit: exit:
polarssl_zeroize( salt_block, sizeof( salt_block ) );
polarssl_zeroize( pwd_block, sizeof( pwd_block ) );
polarssl_zeroize( hash_block, sizeof( hash_block ) );
polarssl_zeroize( hash_output, sizeof( hash_output ) );
md_free_ctx( &md_ctx ); md_free_ctx( &md_ctx );
return( ret ); return( ret );