TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 3d98b9744272652609931b451bcde71ec0d1392a^! / . / library / sha512.c
commit3d98b9744272652609931b451bcde71ec0d1392a[log] [tgz]
authorAndres Amaya Garcia <Andres.AmayaGarcia@arm.com>Wed Sep 20 11:47:49 2017 +0100
committerAndres Amaya Garcia <Andres.AmayaGarcia@arm.com>Wed Sep 20 11:47:49 2017 +0100
tree618bbf49e1ccb644fb14992b545ef6aad3b434d3
parent2d829fb4b367427749727aeabb1bbfbd0f244567 [diff] [blame]
Modify zeroize internal buffers in md modules

Modify all the following functions to zeroize an internal buffer before
exiting the function. The buffer could potentially contain confidential
data read from a file.

* md2_file()
* md4_file()
* md5_file()
* ripemd160_file()
* sha1_file()
* sha256_file()
* sha512_file()

diff --git a/library/sha512.c b/library/sha512.c
index bd607e0..5e51f7f 100644
--- a/library/sha512.c
+++ b/library/sha512.c

@@ -370,6 +370,7 @@
  */
 int sha512_file( const char *path, unsigned char output[64], int is384 )
 {
+    int ret = 0;
     FILE *f;
     size_t n;
     sha512_context ctx;
@@ -384,17 +385,16 @@
     while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
         sha512_update( &ctx, buf, n );
 
-    sha512_finish( &ctx, output );
-    sha512_free( &ctx );
-
     if( ferror( f ) != 0 )
-    {
-        fclose( f );
-        return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
-    }
+        ret = POLARSSL_ERR_SHA512_FILE_IO_ERROR;
+    else
+        sha512_finish( &ctx, output );
 
+    sha512_free( &ctx );
+    polarssl_zeroize( buf, sizeof( buf ) );
     fclose( f );
-    return( 0 );
+
+    return( ret );
 }
 #endif /* POLARSSL_FS_IO */