lib: clear buffers containing key material
This commit is contained in:
+6
-2
@@ -241,6 +241,7 @@ des_rc des_import_key(const int type, const unsigned char* keyraw, const size_t
|
|||||||
EXIT:
|
EXIT:
|
||||||
#ifdef _WINDOWS
|
#ifdef _WINDOWS
|
||||||
if (pbSessionBlob) {
|
if (pbSessionBlob) {
|
||||||
|
yc_memzero(pbSessionBlob, cbSessionBlob);
|
||||||
free(pbSessionBlob);
|
free(pbSessionBlob);
|
||||||
pbSessionBlob = NULL;
|
pbSessionBlob = NULL;
|
||||||
}
|
}
|
||||||
@@ -353,6 +354,7 @@ EXIT:
|
|||||||
|
|
||||||
bool yk_des_is_weak_key(const unsigned char *key, const size_t cb_key) {
|
bool yk_des_is_weak_key(const unsigned char *key, const size_t cb_key) {
|
||||||
#ifdef _WINDOWS
|
#ifdef _WINDOWS
|
||||||
|
bool rv = false;
|
||||||
/* defined weak keys, borrowed from openssl to be consistent across platforms */
|
/* defined weak keys, borrowed from openssl to be consistent across platforms */
|
||||||
static const unsigned char weak_keys[][DES_LEN_DES] = {
|
static const unsigned char weak_keys[][DES_LEN_DES] = {
|
||||||
/* weak keys */
|
/* weak keys */
|
||||||
@@ -400,11 +402,13 @@ bool yk_des_is_weak_key(const unsigned char *key, const size_t cb_key) {
|
|||||||
if ((0 == memcmp(weak_keys[i], tmp, DES_LEN_DES)) ||
|
if ((0 == memcmp(weak_keys[i], tmp, DES_LEN_DES)) ||
|
||||||
(0 == memcmp(weak_keys[i], tmp + DES_LEN_DES, DES_LEN_DES)) ||
|
(0 == memcmp(weak_keys[i], tmp + DES_LEN_DES, DES_LEN_DES)) ||
|
||||||
(0 == memcmp(weak_keys[i], tmp + 2*DES_LEN_DES, DES_LEN_DES))) {
|
(0 == memcmp(weak_keys[i], tmp + 2*DES_LEN_DES, DES_LEN_DES))) {
|
||||||
return true;
|
rv = true;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
yc_memzero(tmp, DES_LEN_3DES);
|
||||||
|
return rv;
|
||||||
#else
|
#else
|
||||||
(void)cb_key; /* unused */
|
(void)cb_key; /* unused */
|
||||||
|
|
||||||
|
|||||||
@@ -838,6 +838,7 @@ ykpiv_rc ykpiv_set_mgmkey2(ykpiv_state *state, const unsigned char *new_key, con
|
|||||||
res = YKPIV_GENERIC_ERROR;
|
res = YKPIV_GENERIC_ERROR;
|
||||||
|
|
||||||
Cleanup:
|
Cleanup:
|
||||||
|
yc_memzero(&apdu, sizeof(APDU));
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
@@ -1704,6 +1705,7 @@ ykpiv_rc ykpiv_import_private_key(ykpiv_state *state, const unsigned char key, u
|
|||||||
}
|
}
|
||||||
|
|
||||||
Cleanup:
|
Cleanup:
|
||||||
|
yc_memzero(key_data, sizeof(key_data));
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user