mirror of
https://github.com/wolfSSL/wolfssl.git
wolfcrypt: zero sensitive buffers
@@ -1634,5 +1634,13 @@ int wc_CamelliaCbcDecrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz
|
||||
}
|
||||
|
||||
|
||||
void wc_CamelliaFree(wc_Camellia* cam)
|
||||
{
|
||||
if (cam == NULL)
|
||||
return;
|
||||
ForceZero(cam, sizeof(wc_Camellia));
|
||||
}
|
||||
|
||||
|
||||
#endif /* HAVE_CAMELLIA */
|
||||
|
||||
|
||||
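Review bot: wc_CamelliaFree is added without a comment, and nothing visible on this page switches an existing user of wc_Camellia over to it, so the context is wiped only for callers that opt in. Above the definition I would add `/* Zeroize the entire wc_Camellia context so no key material remains in it; a NULL cam is a no-op. */`, with a matching one-line comment on the new prototype in the header. If the library keeps Camellia contexts internally, those release paths (not shown here) presumably need to call the new function as well for the commit to meet its stated goal.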
@@ -250,7 +250,7 @@ static int curve25519_smul_blind(byte* rp, const byte* n, const byte* p,
|
||||
for (cnt = 0; cnt < WOLFSSL_CURVE25519_BLINDING_RAND_CNT; cnt++) {
|
||||
ret = wc_RNG_GenerateBlock(rng, rz, sizeof(rz));
|
||||
if (ret < 0) {
|
||||
return ret;
|
||||
goto cleanup;
|
||||
}
|
||||
for (i = CURVE25519_KEYSIZE - 1; i >= 0; i--) {
|
||||
if (rz[i] != 0xff)
|
||||
@@ -261,13 +261,14 @@ static int curve25519_smul_blind(byte* rp, const byte* n, const byte* p,
|
||||
}
|
||||
}
|
||||
if (cnt == WOLFSSL_CURVE25519_BLINDING_RAND_CNT) {
|
||||
return RNG_FAILURE_E;
|
||||
ret = RNG_FAILURE_E;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* Generate 253 random bits. */
|
||||
ret = wc_RNG_GenerateBlock(rng, a, sizeof(a));
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
goto cleanup;
|
||||
a[CURVE25519_KEYSIZE-1] &= 0x7f;
|
||||
/* k' = k ^ 2k ^ a */
|
||||
n_a[0] = n[0] ^ (byte)(n[0] << 1) ^ a[0];
|
||||
@@ -281,6 +282,11 @@ static int curve25519_smul_blind(byte* rp, const byte* n, const byte* p,
|
||||
/* Scalar multiple blinded scalar with blinding value. */
|
||||
ret = curve25519_blind(rp, n_a, a, p, rz);
|
||||
|
||||
cleanup:
|
||||
ForceZero(a, sizeof(a));
|
||||
ForceZero(n_a, sizeof(n_a));
|
||||
ForceZero(rz, sizeof(rz));
|
||||
|
||||
RESTORE_VECTOR_REGISTERS();
|
||||
|
||||
return ret;
|
||||
|
||||
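Review bot: The three `goto cleanup` sites in curve25519_smul_blind now run `RESTORE_VECTOR_REGISTERS()`, which the `return` statements they appear to replace did not reach. The matching save is outside these hunks, so confirm it executes before the first `wc_RNG_GenerateBlock` call; otherwise the error paths would restore without a prior save. On the early exits `a` and `n_a` are wiped before anything was written to them, which is harmless. A comment above the label would help the next reader, for example `/* Wipe blinding values and the blinded scalar on every exit path. */`.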
@@ -3016,6 +3016,9 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_key(WOLFSSL_EVP_PKEY_CTX* ctx,
|
||||
}
|
||||
|
||||
if (ret == WOLFSSL_SUCCESS) {
|
||||
if (ctx->pkey->hkdfKey != NULL && ctx->pkey->hkdfKeySz > 0) {
|
||||
ForceZero(ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz);
|
||||
}
|
||||
XFREE(ctx->pkey->hkdfKey, NULL, DYNAMIC_TYPE_KEY);
|
||||
ctx->pkey->hkdfKey = (byte*)XMALLOC((size_t)keySz, NULL,
|
||||
DYNAMIC_TYPE_KEY);
|
||||
@@ -11778,6 +11781,9 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
|
||||
case WC_EVP_PKEY_HKDF:
|
||||
XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT);
|
||||
key->hkdfSalt = NULL;
|
||||
if (key->hkdfKey != NULL && key->hkdfKeySz > 0) {
|
||||
ForceZero(key->hkdfKey, key->hkdfKeySz);
|
||||
}
|
||||
XFREE(key->hkdfKey, NULL, DYNAMIC_TYPE_KEY);
|
||||
key->hkdfKey = NULL;
|
||||
XFREE(key->hkdfInfo, NULL, DYNAMIC_TYPE_INFO);
|
||||
|
||||
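Review bot: Both wipes take their length from the stored `hkdfKeySz`, so they are only correct if that field always matches the size of the buffer currently held in `hkdfKey`. In wolfSSL_EVP_PKEY_CTX_set1_hkdf_key the field is presumably updated after the `XMALLOC` that follows, outside the hunk; check that no path leaves a size larger than the live allocation, because `ForceZero` would then write past the end of the buffer. The identical guard-wipe-free sequence in wolfSSL_EVP_PKEY_free could share a small static helper so the two sites cannot drift apart. At minimum, add a comment such as `/* hkdfKeySz must still describe the old buffer here. */` before the wipe in the setter.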
@@ -584,7 +584,6 @@ static int Hash_DRBG_Reseed(DRBG_internal* drbg, const byte* seed, word32 seedSz
|
||||
additional, additionalSz);
|
||||
if (ret == DRBG_SUCCESS) {
|
||||
XMEMCPY(drbg->V, newV, sizeof(drbg->V));
|
||||
ForceZero(newV, DRBG_SEED_LEN);
|
||||
|
||||
ret = Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V,
|
||||
sizeof(drbg->V), NULL, 0, NULL, 0);
|
||||
@@ -593,6 +592,8 @@ static int Hash_DRBG_Reseed(DRBG_internal* drbg, const byte* seed, word32 seedSz
|
||||
drbg->reseedCtr = 1;
|
||||
}
|
||||
|
||||
ForceZero(newV, DRBG_SEED_LEN);
|
||||
|
||||
#ifndef WOLFSSL_SMALL_STACK_CACHE
|
||||
WC_FREE_VAR_EX(newV, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
@@ -1177,7 +1178,6 @@ static int Hash512_DRBG_Reseed(DRBG_SHA512_internal* drbg, const byte* seed,
|
||||
additional, additionalSz);
|
||||
if (ret == DRBG_SUCCESS) {
|
||||
XMEMCPY(drbg->V, newV, sizeof(drbg->V));
|
||||
ForceZero(newV, DRBG_SHA512_SEED_LEN);
|
||||
|
||||
ret = Hash512_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V,
|
||||
sizeof(drbg->V), NULL, 0,
|
||||
@@ -1187,6 +1187,8 @@ static int Hash512_DRBG_Reseed(DRBG_SHA512_internal* drbg, const byte* seed,
|
||||
drbg->reseedCtr = 1;
|
||||
}
|
||||
|
||||
ForceZero(newV, DRBG_SHA512_SEED_LEN);
|
||||
|
||||
#ifndef WOLFSSL_SMALL_STACK_CACHE
|
||||
WC_FREE_VAR_EX(newV, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
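Review bot: The relocated `ForceZero(newV, DRBG_SEED_LEN)` in Hash_DRBG_Reseed now runs on the failure path too, so it depends on `newV` being a valid buffer on every path that reaches it. The declaration and any allocation of `newV` are outside the hunk; if a failed allocation can fall through to this point instead of returning early, the wipe would write through a null pointer, so confirm that or guard it with `if (newV != NULL)`. The same applies to `ForceZero(newV, DRBG_SHA512_SEED_LEN)` in Hash512_DRBG_Reseed. A short comment such as `/* Wipe the candidate V on success and on failure. */` would record why the call sits outside the success branch.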
@@ -1398,6 +1398,7 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
/* generate random seed */
|
||||
if ((ret = wc_RNG_GenerateBlock(rng, seed, hLen)) != 0) {
|
||||
WC_FREE_VAR_EX(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
ForceZero(seed, hLen);
|
||||
WC_FREE_VAR_EX(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
return ret;
|
||||
}
|
||||
@@ -1408,6 +1409,7 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
if (dbMask == NULL) {
|
||||
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
ForceZero(seed, hLen);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
return MEMORY_E;
|
||||
}
|
||||
@@ -1421,6 +1423,7 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
if (ret != 0) {
|
||||
WC_FREE_VAR_EX(dbMask, heap, DYNAMIC_TYPE_RSA);
|
||||
WC_FREE_VAR_EX(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
ForceZero(seed, hLen);
|
||||
WC_FREE_VAR_EX(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
return ret;
|
||||
}
|
||||
@@ -1435,6 +1438,7 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
if ((ret = RsaMGF(mgf, pkcsBlock + hLen + 1, pkcsBlockLen - hLen - 1,
|
||||
pkcsBlock + 1, hLen, heap)) != 0) {
|
||||
WC_FREE_VAR_EX(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
ForceZero(seed, hLen);
|
||||
WC_FREE_VAR_EX(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
return ret;
|
||||
}
|
||||
|
||||
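Review bot: In the third RsaPad_OAEP hunk `dbMask` is still released with `WC_FREE_VAR_EX(dbMask, heap, DYNAMIC_TYPE_RSA)` without a wipe, while `seed` is now wiped on the same path. If `dbMask` holds mask output derived from `seed` (the call that fills it is outside the hunk), it deserves the same `ForceZero` before being freed, using the length it was allocated with. The four error exits repeat the same wipe-and-free lines, and the normal exit is not shown, so it cannot be confirmed from here that `seed` is wiped there too. Routing all exits through one cleanup label, as this commit does for curve25519_smul_blind, would cover the success path and any exit added later.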
@@ -7261,6 +7261,8 @@ int wc_SlhDsaKey_Sign(SlhDsaKey* key, const byte* ctx, byte ctxSz,
|
||||
sigSz, addRnd);
|
||||
}
|
||||
|
||||
ForceZero(addRnd, sizeof(addRnd));
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -8056,6 +8058,8 @@ int wc_SlhDsaKey_SignHash(SlhDsaKey* key, const byte* ctx, byte ctxSz,
|
||||
hashType, sig, sigSz, addRnd);
|
||||
}
|
||||
|
||||
ForceZero(addRnd, sizeof(addRnd));
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
|
||||
|
||||
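Review bot: `ForceZero(addRnd, sizeof(addRnd))` in wc_SlhDsaKey_Sign clears the whole buffer only if `addRnd` is declared as an array in that function. The declaration is outside the hunk; if it is a pointer or a parameter, `sizeof` yields the pointer size and most of the randomness stays in memory. The wipe sits directly before `return ret;`, so any earlier `return` in the function body would bypass it, which is worth checking in the part not shown. Both remarks apply equally to the identical line added in wc_SlhDsaKey_SignHash.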
@@ -90,6 +90,7 @@ WOLFSSL_API int wc_CamelliaCbcEncrypt(wc_Camellia* cam,
|
||||
byte* out, const byte* in, word32 sz);
|
||||
WOLFSSL_API int wc_CamelliaCbcDecrypt(wc_Camellia* cam,
|
||||
byte* out, const byte* in, word32 sz);
|
||||
WOLFSSL_API void wc_CamelliaFree(wc_Camellia* cam);
|
||||
|
||||
#ifndef OPENSSL_COEXIST
|
||||
|
||||
|
||||