commit beb42837ac296459744780d5173be30d88f17316
author Andres Amaya Garcia <andres.amayagarcia@arm.com> Wed Jul 12 10:36:30 2017 +0100
committer Andres Amaya Garcia <andres.amayagarcia@arm.com> Wed Jul 12 10:36:30 2017 +0100
tree f08ada2ec1b6a3a590eeac3a8bd169a88760ad9d
parent fa6fa6850e2d8c45a6780eeb866ba32f6b3f785b

Zeroize tmp bufs in hmac_drbg.c functions

library/hmac_drbg.c

diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index c7904d0..eece389 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -342,11 +342,14 @@
 
 exit:
     fclose( f );
+    polarssl_zeroize( buf, sizeof( buf ) );
+
     return( ret );
 }
 
 int hmac_drbg_update_seed_file( hmac_drbg_context *ctx, const char *path )
 {
+    int ret = 0;
     FILE *f;
     size_t n;
     unsigned char buf[ POLARSSL_HMAC_DRBG_MAX_INPUT ];
@@ -365,14 +368,16 @@
     }
 
     if( fread( buf, 1, n, f ) != n )
-    {
-        fclose( f );
-        return( POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR );
-    }
+        ret = POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR;
+    else
+        hmac_drbg_update( ctx, buf, n );
 
     fclose( f );
 
-    hmac_drbg_update( ctx, buf, n );
+    polarssl_zeroize( buf, sizeof( buf ) );
+
+    if( ret != 0 )
+        return( ret );
 
     return( hmac_drbg_write_seed_file( ctx, path ) );
 }