Reliably zeroize sensitive data in Crypt-and-Hash sample application

The AES sample application programs/aes/crypt_and_hash could miss zeroizing the stack-based key buffer in case of an error during operation. This commit fixes this and also clears all command line arguments (one of which might be the key) before exit.
2017-06-27 08:22:17 +01:00 · 2017-06-27 08:22:17 +01:00 · f601ec5f34
commit f601ec5f34
parent 6b171e4aec
1 changed files with 9 additions and 6 deletions
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@ -224,8 +224,6 @@ int main( int argc, char *argv[] )
        }
    }

-    memset( argv[6], 0, strlen( argv[6] ) );
-
 #if defined(_WIN32_WCE)
    filesize = fseek( fin, 0L, SEEK_END );
 #else
@ -303,8 +301,6 @@ int main( int argc, char *argv[] )

        }

-        memset( key, 0, sizeof( key ) );
-
        if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
                           MBEDTLS_ENCRYPT ) != 0 )
        {
@ -444,8 +440,6 @@ int main( int argc, char *argv[] )
            mbedtls_md_finish( &md_ctx, digest );
        }

-        memset( key, 0, sizeof( key ) );
-
        if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
                           MBEDTLS_DECRYPT ) != 0 )
        {
@ -540,7 +534,16 @@ exit:
    if( fout )
        fclose( fout );

+    /* Zeroize all command line arguments to also cover
+       the case when the user has missed or reordered some,
+       in which case the key might not be in argv[6]. */
+    for( i = 0; i < argc; i++ )
+        memset( argv[i], 0, strlen( argv[i] ) );
+
+    memset( IV,     0, sizeof( IV ) );
+    memset( key,    0, sizeof( key ) );
    memset( buffer, 0, sizeof( buffer ) );
+    memset( output, 0, sizeof( output ) );
    memset( digest, 0, sizeof( digest ) );

    mbedtls_cipher_free( &cipher_ctx );