Zeroize sensitive data in aescrypt2 and crypt_and_hash examples

This commit replaces multiple `memset()` calls in the example
programs aes/aescrypt2.c and aes/crypt_and_hash.c by calls to
the reliable zeroization function `mbedtls_zeroize()`.

While not a security issue because the code is in the example
programs, it's bad practice and should be fixed.
This commit is contained in:
Hanno Becker 2018-10-12 16:46:37 +01:00
parent 805f2e11bd
commit 0b44d5cc79
2 changed files with 14 additions and 12 deletions

View file

@ -43,6 +43,7 @@
#include "mbedtls/aes.h" #include "mbedtls/aes.h"
#include "mbedtls/md.h" #include "mbedtls/md.h"
#include "mbedtls/platform_util.h"
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
@ -450,13 +451,13 @@ exit:
the case when the user has missed or reordered some, the case when the user has missed or reordered some,
in which case the key might not be in argv[4]. */ in which case the key might not be in argv[4]. */
for( i = 0; i < (unsigned int) argc; i++ ) for( i = 0; i < (unsigned int) argc; i++ )
memset( argv[i], 0, strlen( argv[i] ) ); mbedtls_platform_zeroize( argv[i], strlen( argv[i] ) );
memset( IV, 0, sizeof( IV ) ); mbedtls_platform_zeroize( IV, sizeof( IV ) );
memset( key, 0, sizeof( key ) ); mbedtls_platform_zeroize( key, sizeof( key ) );
memset( tmp, 0, sizeof( tmp ) ); mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
memset( buffer, 0, sizeof( buffer ) ); mbedtls_platform_zeroize( buffer, sizeof( buffer ) );
memset( digest, 0, sizeof( digest ) ); mbedtls_platform_zeroize( digest, sizeof( digest ) );
mbedtls_aes_free( &aes_ctx ); mbedtls_aes_free( &aes_ctx );
mbedtls_md_free( &sha_ctx ); mbedtls_md_free( &sha_ctx );

View file

@ -46,6 +46,7 @@
defined(MBEDTLS_FS_IO) defined(MBEDTLS_FS_IO)
#include "mbedtls/cipher.h" #include "mbedtls/cipher.h"
#include "mbedtls/md.h" #include "mbedtls/md.h"
#include "mbedtls/platform_util.h"
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
@ -547,13 +548,13 @@ exit:
the case when the user has missed or reordered some, the case when the user has missed or reordered some,
in which case the key might not be in argv[6]. */ in which case the key might not be in argv[6]. */
for( i = 0; i < argc; i++ ) for( i = 0; i < argc; i++ )
memset( argv[i], 0, strlen( argv[i] ) ); mbedtls_platform_zeroize( argv[i], strlen( argv[i] ) );
memset( IV, 0, sizeof( IV ) ); mbedtls_platform_zeroize( IV, sizeof( IV ) );
memset( key, 0, sizeof( key ) ); mbedtls_platform_zeroize( key, sizeof( key ) );
memset( buffer, 0, sizeof( buffer ) ); mbedtls_platform_zeroize( buffer, sizeof( buffer ) );
memset( output, 0, sizeof( output ) ); mbedtls_platform_zeroize( output, sizeof( output ) );
memset( digest, 0, sizeof( digest ) ); mbedtls_platform_zeroize( digest, sizeof( digest ) );
mbedtls_cipher_free( &cipher_ctx ); mbedtls_cipher_free( &cipher_ctx );
mbedtls_md_free( &md_ctx ); mbedtls_md_free( &md_ctx );