Wipe stack buffers in block_cipher_df

gilles-peskine-arm · gilles-peskine-arm · commit 43c19648dbef · 2018-11-27T16:41:09.000+01:00
This is a partial backport of 1b36499 (only for the buffer wiping). Other wiping calls were previously added as backports of "CTR_DRBG: clean stack buffers" (d9aa84d). This completes the backporting of stack buffer wiping from the development branch.
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
@@ -226,6 +226,10 @@ static int block_cipher_df( unsigned char *output,
 
     mbedtls_aes_free( &aes_ctx );
 
+    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_zeroize( tmp, sizeof( tmp ) );
+    mbedtls_zeroize( key, sizeof( key ) );
+    mbedtls_zeroize( chain, sizeof( chain ) );
     return( 0 );
 }
 

Original file line number	Diff line number	Diff line change
`@@ -226,6 +226,10 @@ static int block_cipher_df( unsigned char *output,`
`226`	`226`
`227`	`227`	`mbedtls_aes_free( &aes_ctx );`
`228`	`228`
	`229`	`+ mbedtls_zeroize( buf, sizeof( buf ) );`
	`230`	`+ mbedtls_zeroize( tmp, sizeof( tmp ) );`
	`231`	`+ mbedtls_zeroize( key, sizeof( key ) );`
	`232`	`+ mbedtls_zeroize( chain, sizeof( chain ) );`
`229`	`233`	`return( 0 );`
`230`	`234`	`}`
`231`	`235`