use platform dependant implementation of erasing memory
fixes potentially insecure use of memset in CWA SM implementation fixes https://github.com/OpenSC/OpenSC/issues/1957
This commit is contained in:
parent
d06f23e89b
commit
267aea759c
|
@ -415,7 +415,7 @@ AC_FUNC_STAT
|
|||
AC_FUNC_VPRINTF
|
||||
AC_CHECK_FUNCS([ \
|
||||
getpass gettimeofday getline memset mkdir \
|
||||
strdup strerror \
|
||||
strdup strerror memset_s explicit_bzero \
|
||||
strlcpy strlcat strnlen sigaction
|
||||
])
|
||||
AC_CHECK_SIZEOF(void *)
|
||||
|
|
|
@ -100,7 +100,6 @@ C_UnloadModule(void *module)
|
|||
if (mod->handle != NULL && sc_dlclose(mod->handle) < 0)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
memset(mod, 0, sizeof(*mod));
|
||||
free(mod);
|
||||
return CKR_OK;
|
||||
}
|
||||
|
|
|
@ -647,23 +647,22 @@ static int cwa_prepare_external_auth(sc_card_t * card,
|
|||
if (bnsub)
|
||||
BN_free(bnsub);
|
||||
if (buf1) {
|
||||
memset(buf1, 0, 128);
|
||||
sc_mem_clear(buf1, 128);
|
||||
free(buf1);
|
||||
}
|
||||
if (buf2) {
|
||||
memset(buf2, 0, 128);
|
||||
sc_mem_clear(buf2, 128);
|
||||
free(buf2);
|
||||
}
|
||||
if (buf3) {
|
||||
memset(buf3, 0, 128);
|
||||
sc_mem_clear(buf3, 128);
|
||||
free(buf3);
|
||||
}
|
||||
if (sha_buf) {
|
||||
memset(sha_buf, 0, 74 + 32 + 8 + 1 + 7);
|
||||
sc_mem_clear(sha_buf, 74 + 32 + 8 + 1 + 7);
|
||||
free(sha_buf);
|
||||
}
|
||||
if (sha_data) {
|
||||
memset(sha_data, 0, SHA_DIGEST_LENGTH);
|
||||
free(sha_data);
|
||||
}
|
||||
|
||||
|
@ -770,15 +769,14 @@ static int cwa_compute_session_keys(sc_card_t * card)
|
|||
|
||||
compute_session_keys_end:
|
||||
if (kseed) {
|
||||
memset(kseed, 0, 32);
|
||||
sc_mem_clear(kseed, 32);
|
||||
free(kseed);
|
||||
}
|
||||
if (data) {
|
||||
memset(data, 0, 32 + 4);
|
||||
sc_mem_clear(data, 32 + 4);
|
||||
free(data);
|
||||
}
|
||||
if (sha_data) {
|
||||
memset(sha_data, 0, SHA_DIGEST_LENGTH);
|
||||
free(sha_data);
|
||||
}
|
||||
if (res != SC_SUCCESS)
|
||||
|
|
|
@ -928,7 +928,13 @@ void sc_mem_secure_free(void *ptr, size_t len)
|
|||
void sc_mem_clear(void *ptr, size_t len)
|
||||
{
|
||||
if (len > 0) {
|
||||
#ifdef ENABLE_OPENSSL
|
||||
#ifdef HAVE_MEMSET_S
|
||||
memset_s(ptr, len, 0, len);
|
||||
#elif _WIN32
|
||||
SecureZeroMemory(ptr, len);
|
||||
#elif HAVE_EXPLICIT_BZERO
|
||||
explicit_bzero(ptr, len);
|
||||
#elif ENABLE_OPENSSL
|
||||
OPENSSL_cleanse(ptr, len);
|
||||
#else
|
||||
memset(ptr, 0, len);
|
||||
|
|
|
@ -485,7 +485,6 @@ sc_profile_free(struct sc_profile *profile)
|
|||
|
||||
if (profile->p15_spec)
|
||||
sc_pkcs15_card_free(profile->p15_spec);
|
||||
memset(profile, 0, sizeof(*profile));
|
||||
free(profile);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue