Zeroize tmp bufs in entropy.c functions
This commit is contained in:
parent
eb132b655c
commit
1adcd95a25
1 changed files with 20 additions and 10 deletions
|
@ -242,7 +242,7 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx )
|
|||
if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
|
||||
buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -256,9 +256,12 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx )
|
|||
}
|
||||
|
||||
if( have_one_strong == 0 )
|
||||
return( MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE );
|
||||
ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE;
|
||||
|
||||
return( 0 );
|
||||
cleanup:
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -370,6 +373,8 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
|
|||
ret = 0;
|
||||
|
||||
exit:
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
|
||||
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
|
||||
|
@ -393,9 +398,9 @@ int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
|
|||
|
||||
/* Manually update the remaining stream with a separator value to diverge */
|
||||
memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||
mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||
ret = mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||
|
||||
return( 0 );
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_ENTROPY_NV_SEED */
|
||||
|
||||
|
@ -421,12 +426,15 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
|
|||
ret = 0;
|
||||
|
||||
exit:
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
fclose( f );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path )
|
||||
{
|
||||
int ret = 0;
|
||||
FILE *f;
|
||||
size_t n;
|
||||
unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ];
|
||||
|
@ -442,14 +450,16 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *
|
|||
n = MBEDTLS_ENTROPY_MAX_SEED_SIZE;
|
||||
|
||||
if( fread( buf, 1, n, f ) != n )
|
||||
{
|
||||
fclose( f );
|
||||
return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
|
||||
}
|
||||
ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
|
||||
else
|
||||
ret = mbedtls_entropy_update_manual( ctx, buf, n );
|
||||
|
||||
fclose( f );
|
||||
|
||||
mbedtls_entropy_update_manual( ctx, buf, n );
|
||||
mbedtls_zeroize( buf, sizeof( buf ) );
|
||||
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
return( mbedtls_entropy_write_seed_file( ctx, path ) );
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue