Modify zeroize internal buffers in md modules
Modify all the following functions to zeroize an internal buffer before
exiting the function. The buffer could potentially contain confidential
data read from a file.
* md2_file()
* md4_file()
* md5_file()
* ripemd160_file()
* sha1_file()
* sha256_file()
* sha512_file()
diff --git a/library/md2.c b/library/md2.c
index 2ac7eba..2d6123f 100644
--- a/library/md2.c
+++ b/library/md2.c
@@ -217,6 +217,7 @@
*/
int md2_file( const char *path, unsigned char output[16] )
{
+ int ret = 0;
FILE *f;
size_t n;
md2_context ctx;
@@ -231,17 +232,16 @@
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
md2_update( &ctx, buf, n );
- md2_finish( &ctx, output );
- md2_free( &ctx );
-
if( ferror( f ) != 0 )
- {
- fclose( f );
- return( POLARSSL_ERR_MD2_FILE_IO_ERROR );
- }
+ ret = POLARSSL_ERR_MD2_FILE_IO_ERROR;
+ else
+ md2_finish( &ctx, output );
+ md2_free( &ctx );
+ polarssl_zeroize( buf, sizeof( buf ) );
fclose( f );
- return( 0 );
+
+ return( ret );
}
#endif /* POLARSSL_FS_IO */
diff --git a/library/md4.c b/library/md4.c
index 8754d2f..9c4a9b8 100644
--- a/library/md4.c
+++ b/library/md4.c
@@ -313,6 +313,7 @@
*/
int md4_file( const char *path, unsigned char output[16] )
{
+ int ret = 0;
FILE *f;
size_t n;
md4_context ctx;
@@ -327,17 +328,16 @@
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
md4_update( &ctx, buf, n );
- md4_finish( &ctx, output );
- md4_free( &ctx );
-
if( ferror( f ) != 0 )
- {
- fclose( f );
- return( POLARSSL_ERR_MD4_FILE_IO_ERROR );
- }
+ ret = POLARSSL_ERR_MD4_FILE_IO_ERROR;
+ else
+ md4_finish( &ctx, output );
+ md4_free( &ctx );
+ polarssl_zeroize( buf, sizeof( buf ) );
fclose( f );
- return( 0 );
+
+ return( ret );
}
#endif /* POLARSSL_FS_IO */
diff --git a/library/md5.c b/library/md5.c
index 8c7ed1f..4a0f251 100644
--- a/library/md5.c
+++ b/library/md5.c
@@ -330,6 +330,7 @@
*/
int md5_file( const char *path, unsigned char output[16] )
{
+ int ret = 0;
FILE *f;
size_t n;
md5_context ctx;
@@ -344,17 +345,16 @@
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
md5_update( &ctx, buf, n );
- md5_finish( &ctx, output );
- md5_free( &ctx );
-
if( ferror( f ) != 0 )
- {
- fclose( f );
- return( POLARSSL_ERR_MD5_FILE_IO_ERROR );
- }
+ ret = POLARSSL_ERR_MD5_FILE_IO_ERROR;
+ else
+ md5_finish( &ctx, output );
+ md5_free( &ctx );
+ polarssl_zeroize( buf, sizeof( buf ) );
fclose( f );
- return( 0 );
+
+ return( ret );
}
#endif /* POLARSSL_FS_IO */
diff --git a/library/ripemd160.c b/library/ripemd160.c
index 2c196f4..7b5d02e 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -388,6 +388,7 @@
*/
int ripemd160_file( const char *path, unsigned char output[20] )
{
+ int ret = 0;
FILE *f;
size_t n;
ripemd160_context ctx;
@@ -402,17 +403,16 @@
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
ripemd160_update( &ctx, buf, n );
- ripemd160_finish( &ctx, output );
- ripemd160_free( &ctx );
-
if( ferror( f ) != 0 )
- {
- fclose( f );
- return( POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR );
- }
+ ret = POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR;
+ else
+ ripemd160_finish( &ctx, output );
+ ripemd160_free( &ctx );
+ polarssl_zeroize( buf, sizeof( buf ) );
fclose( f );
- return( 0 );
+
+ return( ret );
}
#endif /* POLARSSL_FS_IO */
diff --git a/library/sha1.c b/library/sha1.c
index 44de872..a5a235b 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -363,6 +363,7 @@
*/
int sha1_file( const char *path, unsigned char output[20] )
{
+ int ret = 0;
FILE *f;
size_t n;
sha1_context ctx;
@@ -377,17 +378,16 @@
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
sha1_update( &ctx, buf, n );
- sha1_finish( &ctx, output );
- sha1_free( &ctx );
-
if( ferror( f ) != 0 )
- {
- fclose( f );
- return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
- }
+ ret = POLARSSL_ERR_SHA1_FILE_IO_ERROR;
+ else
+ sha1_finish( &ctx, output );
+ sha1_free( &ctx );
+ polarssl_zeroize( buf, sizeof( buf ) );
fclose( f );
- return( 0 );
+
+ return( ret );
}
#endif /* POLARSSL_FS_IO */
diff --git a/library/sha256.c b/library/sha256.c
index 674fdf2..caae79f 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -366,6 +366,7 @@
*/
int sha256_file( const char *path, unsigned char output[32], int is224 )
{
+ int ret = 0;
FILE *f;
size_t n;
sha256_context ctx;
@@ -380,17 +381,16 @@
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
sha256_update( &ctx, buf, n );
- sha256_finish( &ctx, output );
- sha256_free( &ctx );
-
if( ferror( f ) != 0 )
- {
- fclose( f );
- return( POLARSSL_ERR_SHA256_FILE_IO_ERROR );
- }
+ ret = POLARSSL_ERR_SHA256_FILE_IO_ERROR;
+ else
+ sha256_finish( &ctx, output );
+ sha256_free( &ctx );
+ polarssl_zeroize( buf, sizeof( buf ) );
fclose( f );
- return( 0 );
+
+ return( ret );
}
#endif /* POLARSSL_FS_IO */
diff --git a/library/sha512.c b/library/sha512.c
index bd607e0..5e51f7f 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -370,6 +370,7 @@
*/
int sha512_file( const char *path, unsigned char output[64], int is384 )
{
+ int ret = 0;
FILE *f;
size_t n;
sha512_context ctx;
@@ -384,17 +385,16 @@
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
sha512_update( &ctx, buf, n );
- sha512_finish( &ctx, output );
- sha512_free( &ctx );
-
if( ferror( f ) != 0 )
- {
- fclose( f );
- return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
- }
+ ret = POLARSSL_ERR_SHA512_FILE_IO_ERROR;
+ else
+ sha512_finish( &ctx, output );
+ sha512_free( &ctx );
+ polarssl_zeroize( buf, sizeof( buf ) );
fclose( f );
- return( 0 );
+
+ return( ret );
}
#endif /* POLARSSL_FS_IO */