Call setbuf when reading or writing files: programs

After opening a file containing sensitive data, call mbedtls_setbuf() with a
NULL buffer to make the stream unbuffered. The call must come immediately after
fopen() and before any other operation on the stream, as the C standard requires
for setbuf(). This way, we don't leave sensitive data sitting in a stdio buffer
outside our control, which cannot be wiped and could be exposed by a memory
disclosure vulnerability.

This commit adds a call to mbedtls_setbuf() after each call to fopen(),
but only in sample programs that were calling mbedtls_platform_zeroize().
Don't bother protecting stdio buffers in programs where application buffers
weren't protected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index 74ea88c..fa874b2 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -171,6 +171,10 @@
         goto exit;
     }
 
+    /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+    mbedtls_setbuf( fin, NULL );
+    mbedtls_setbuf( fout, NULL );
+
     /*
      * Read the Cipher and MD from the command line
      */
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
index cad875e..1303719 100644
--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@@ -56,6 +56,7 @@
 #include <stdio.h>
 #include <string.h>
 
+#include "mbedtls/platform.h" // for mbedtls_setbuf
 #include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize
 
 #include <psa/crypto.h>
@@ -177,6 +178,8 @@
                                key_data, sizeof( key_data ),
                                &key_size ) );
     SYS_CHECK( ( key_file = fopen( output_file_name, "wb" ) ) != NULL );
+    /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+    mbedtls_setbuf( key_file, NULL );
     SYS_CHECK( fwrite( key_data, 1, key_size, key_file ) == key_size );
     SYS_CHECK( fclose( key_file ) == 0 );
     key_file = NULL;
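Review bot: The setbuf call is correctly placed between fopen() and the first fwrite(), but nothing in the comment ties it to that requirement; `/* Must precede the fwrite(): setbuf() is undefined after the first I/O on the stream. */` would keep it from drifting. Separately, this is the write path for raw key material and `fopen( ..., "wb" )` creates the file with the process umask, so on a default umask the key may land world-readable; that predates this commit, but a demo that now cares about process-memory exposure should at least say so in a comment next to the fopen. The enclosing function starts outside the hunk.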
@@ -231,6 +234,8 @@
     unsigned char extra_byte;
 
     SYS_CHECK( ( key_file = fopen( key_file_name, "rb" ) ) != NULL );
+    /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+    mbedtls_setbuf( key_file, NULL );
     SYS_CHECK( ( key_size = fread( key_data, 1, sizeof( key_data ),
                                    key_file ) ) != 0 );
     if( fread( &extra_byte, 1, 1, key_file ) != 0 )
@@ -372,6 +377,8 @@
 
     /* Find the size of the data to wrap. */
     SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL );
+    /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+    mbedtls_setbuf( input_file, NULL );
     SYS_CHECK( fseek( input_file, 0, SEEK_END ) == 0 );
     SYS_CHECK( ( input_position = ftell( input_file ) ) != -1 );
 #if LONG_MAX > SIZE_MAX
@@ -418,6 +425,8 @@
 
     /* Write the output. */
     SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL );
+    /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+    mbedtls_setbuf( output_file, NULL );
     SYS_CHECK( fwrite( &header, 1, sizeof( header ),
                        output_file ) == sizeof( header ) );
     SYS_CHECK( fwrite( buffer, 1, ciphertext_size,
@@ -453,6 +462,8 @@
 
     /* Load and validate the header. */
     SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL );
+    /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+    mbedtls_setbuf( input_file, NULL );
     SYS_CHECK( fread( &header, 1, sizeof( header ),
                       input_file ) == sizeof( header ) );
     if( memcmp( &header.magic, WRAPPED_DATA_MAGIC,
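Review bot: The comment at the new setbuf says "secrets", but what this stream carries appears to be the wrapped header and ciphertext, which the program presumably does not treat as secret; the unbuffering is harmless, but the comment overstates the reason and a reader may conclude the header is sensitive. Suggest `/* Not secret (header + ciphertext), but keep the stream unbuffered for consistency with the other file handles. */`, or drop the call here if only secret-bearing streams should pay the per-call syscall cost. The enclosing function starts and ends outside the hunk.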
@@ -509,6 +520,8 @@
 
     /* Write the output. */
     SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL );
+    /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+    mbedtls_setbuf( output_file, NULL );
     SYS_CHECK( fwrite( buffer, 1, plaintext_size,
                        output_file ) == plaintext_size );
     SYS_CHECK( fclose( output_file ) == 0 );
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 0e66895..23237d1 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -101,6 +101,10 @@
             goto exit;
         }
 
+        /* Ensure no stdio buffering of secrets, as such buffers cannot be
+         * wiped. */
+        mbedtls_setbuf( f, NULL );
+
         if( fwrite( nss_keylog_line, 1, len, f ) != len )
         {
             fclose( f );
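Review bot: The setbuf call sits after the `goto exit` error check above it, and the fopen() of `f` is outside this hunk, so whether any I/O has already touched the stream — which would make setbuf() undefined — cannot be confirmed here; a comment pinning the precondition, `/* Valid only because nothing has been written to f since fopen(). */`, keeps the invariant visible. Since each line is now written straight through, also confirm that `nss_keylog_line` itself is wiped after the fwrite() (outside the hunk); otherwise the secret remains in an application buffer and the stdio change buys little. The fclose() on the error path discards its return value, which is pre-existing but worth a `(void) fclose( f );` to show it is intentional. The enclosing function starts and ends outside the hunk.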
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index f0d0c3b..d2354bb 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -35,6 +35,7 @@
 #define mbedtls_fprintf    fprintf
 #define mbedtls_snprintf   snprintf
 #define mbedtls_exit            exit
+#define mbedtls_setbuf     setbuf
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif