diff --git a/src/crypto/mbedtls.c b/src/crypto/mbedtls.c index a9e8095a..b196fe25 100644 --- a/src/crypto/mbedtls.c +++ b/src/crypto/mbedtls.c @@ -11,6 +11,7 @@ #include #include #include +#include #include @@ -88,6 +89,11 @@ void osdp_fill_random(uint8_t *buf, int len) assert(rc == 0); } +void osdp_fill_zeros(void *buf, int len) +{ + mbedtls_platform_zeroize(buf, (size_t)len); +} + void osdp_crypt_teardown() { mbedtls_ctr_drbg_free(&ctr_drbg_ctx); diff --git a/src/crypto/openssl.c b/src/crypto/openssl.c index 416853d6..06cdd714 100644 --- a/src/crypto/openssl.c +++ b/src/crypto/openssl.c @@ -107,6 +107,11 @@ void osdp_fill_random(uint8_t *buf, int len) } } +void osdp_fill_zeros(void *buf, int len) +{ + OPENSSL_cleanse(buf, (size_t)len); +} + void osdp_crypt_teardown() { } diff --git a/src/crypto/tinyaes.c b/src/crypto/tinyaes.c index 5f9873ef..54eca462 100644 --- a/src/crypto/tinyaes.c +++ b/src/crypto/tinyaes.c @@ -6,6 +6,7 @@ #include #include +#include #include #include "tinyaes_src.h" @@ -56,6 +57,11 @@ void osdp_fill_random(uint8_t *buf, int len) } } +void osdp_fill_zeros(void *buf, int len) +{ + explicit_bzero(buf, (size_t)len); +} + void osdp_crypt_teardown() { } \ No newline at end of file diff --git a/src/osdp_common.h b/src/osdp_common.h index 558e0505..c1b86a95 100644 --- a/src/osdp_common.h +++ b/src/osdp_common.h @@ -520,6 +520,7 @@ void osdp_crypt_setup(); void osdp_encrypt(uint8_t *key, uint8_t *iv, uint8_t *data, int len); void osdp_decrypt(uint8_t *key, uint8_t *iv, uint8_t *data, int len); void osdp_fill_random(uint8_t *buf, int len); +void osdp_fill_zeros(void *buf, int len); void osdp_crypt_teardown(); /* --- from osdp_sc.c --- */ diff --git a/src/osdp_cp.c b/src/osdp_cp.c index e326e727..31c4c979 100644 --- a/src/osdp_cp.c +++ b/src/osdp_cp.c 
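Review bot: `osdp_fill_zeros()` in src/crypto/mbedtls.c takes `int len` and casts it straight to `size_t`, so a negative length would turn into a huge byte count handed to `mbedtls_platform_zeroize()`. Every call site in this commit passes `sizeof(...)` or the literal 16, so a `size_t len` parameter would match the callers and make the cast unnecessary. If the `int` signature is kept for symmetry with `osdp_fill_random()`, add `if (len <= 0) return;` before the call. The same cast appears in the openssl.c and tinyaes.c implementations, and the prototype in osdp_common.h would change with them.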
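Review bot: `explicit_bzero()` in src/crypto/tinyaes.c is a glibc/BSD extension rather than ISO C, so this backend may stop building on toolchains whose libc does not declare it. The header added at the top of the file is not legible on this page, so which declaration is assumed cannot be checked. If this backend is meant for targets without a crypto library, which is an inference, a self-contained wipe through a `volatile` pointer keeps the stores from being dropped without the libc dependency. The file also still ends without a trailing newline.

```c
void osdp_fill_zeros(void *buf, int len)
{
	/* volatile stores are not removed as dead writes */
	volatile uint8_t *p = buf;

	while (len-- > 0) {
		*p++ = 0;
	}
}
```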
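Review bot: The new `osdp_fill_zeros()` prototype in src/osdp_common.h carries no comment, and next to `osdp_fill_random()` the name reads like an ordinary fill rather than a wipe the compiler must not elide. A one-line comment above it would keep a later cleanup from replacing the backends with plain `memset`: `/* Wipe len bytes at buf; must not be optimised away, use for key material */`.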
@@ -1609,6 +1609,7 @@ void osdp_cp_teardown(osdp_t *ctx) if (is_capture_enabled(pd)) { osdp_packet_capture_finish(pd); } + osdp_fill_zeros(&pd->sc, sizeof(struct osdp_secure_channel)); #ifndef OPT_OSDP_STATIC safe_free(pd->file); diff --git a/src/osdp_pd.c b/src/osdp_pd.c index 8e26c619..54c9891b 100644 --- a/src/osdp_pd.c +++ b/src/osdp_pd.c @@ -1127,6 +1127,7 @@ static void osdp_pd_update(struct osdp_pd *pd) } if (pd->cmd_id == CMD_KEYSET && pd->reply_id == REPLY_ACK) { memcpy(pd->sc.scbk, pd->keyset_pending, 16); + osdp_fill_zeros(pd->keyset_pending, 16); CLEAR_FLAG(pd, PD_FLAG_SC_USE_SCBKD); CLEAR_FLAG(pd, PD_FLAG_INSTALL_MODE); sc_deactivate(pd); @@ -1340,6 +1341,8 @@ void osdp_pd_teardown(osdp_t *ctx) osdp_packet_capture_finish(pd); } + osdp_fill_zeros(&pd->sc, sizeof(struct osdp_secure_channel)); + if (pd_ctx->channel.close) { pd_ctx->channel.close(pd_ctx->channel.data); } diff --git a/src/osdp_sc.c b/src/osdp_sc.c index f79d9b8b..941c0d11 100644 --- a/src/osdp_sc.c +++ b/src/osdp_sc.c @@ -56,6 +56,7 @@ void osdp_compute_session_keys(struct osdp_pd *pd) osdp_encrypt(scbk, NULL, pd->sc.s_enc, 16); osdp_encrypt(scbk, NULL, pd->sc.s_mac1, 16); osdp_encrypt(scbk, NULL, pd->sc.s_mac2, 16); + osdp_fill_zeros(scbk, sizeof(scbk)); } void osdp_compute_cp_cryptogram(struct osdp_pd *pd) @@ -93,10 +94,9 @@ int osdp_verify_cp_cryptogram(struct osdp_pd *pd) memcpy(cp_crypto + 8, pd->sc.cp_random, 8); osdp_encrypt(pd->sc.s_enc, NULL, cp_crypto, 16); - if (osdp_ct_compare(pd->sc.cp_cryptogram, cp_crypto, 16) != 0) { - return -1; - } - return 0; + int ret = osdp_ct_compare(pd->sc.cp_cryptogram, cp_crypto, 16) == 0 ? 0 : -1; + osdp_fill_zeros(cp_crypto, sizeof(cp_crypto)); + return ret; } void osdp_compute_pd_cryptogram(struct osdp_pd *pd) 
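Review bot: The wipe in `osdp_cp_teardown()` names the type, `sizeof(struct osdp_secure_channel)`, instead of the object. `osdp_fill_zeros(&pd->sc, sizeof(pd->sc));` stays correct if the member's type ever changes. `osdp_pd_teardown()` in src/osdp_pd.c uses the same form. Only `pd->sc` is cleared here, so any key material the CP keeps outside that struct would survive teardown; that is worth confirming, since the rest of the function is outside the hunk.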
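Review bot: `pd->keyset_pending` is wiped only on this `CMD_KEYSET`/`REPLY_ACK` branch of `osdp_pd_update()`, and it sits outside `pd->sc`, so the teardown wipe added to `osdp_pd_teardown()` in the next hunk does not cover it. A KEYSET that ends in any other reply would leave the received key in memory for the life of the context, assuming the buffer is filled before the reply is decided (that code is outside the hunk). Consider adding `osdp_fill_zeros(pd->keyset_pending, sizeof(pd->keyset_pending));` to the teardown if the member is an array, and using the same `sizeof` here in place of the literal 16.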
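Review bot: `osdp_fill_zeros(scbk, sizeof(scbk));` in `osdp_compute_session_keys()` wipes the full key only if `scbk` is a local array, and its declaration is above the hunk. If it were a pointer, `sizeof` would yield the pointer size and the wipe would land on whatever it points at. The same `sizeof` pattern is used for `cp_crypto` and `pd_crypto` in the two verify hunks that follow. If all three are 16-byte arrays, as the surrounding `osdp_encrypt(..., 16)` calls suggest, the code is fine and a short comment such as `/* scbk is a stack copy of the base key; wipe it before returning */` would record why.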
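Review bot: The new return path in `osdp_verify_cp_cryptogram()` mixes the literal 16 in `osdp_ct_compare()` with `sizeof(cp_crypto)` one line later, and the unparenthesised `== 0 ? 0 : -1` makes the reader stop to check precedence. `int ret = (osdp_ct_compare(pd->sc.cp_cryptogram, cp_crypto, sizeof(cp_crypto)) == 0) ? 0 : -1;` reads more directly, provided `cp_crypto` is the 16-byte array it appears to be. `osdp_verify_pd_cryptogram()` in the following hunk has the same two lines.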
@@ -116,10 +116,9 @@ int osdp_verify_pd_cryptogram(struct osdp_pd *pd) memcpy(pd_crypto + 8, pd->sc.pd_random, 8); osdp_encrypt(pd->sc.s_enc, NULL, pd_crypto, 16); - if (osdp_ct_compare(pd->sc.pd_cryptogram, pd_crypto, 16) != 0) { - return -1; - } - return 0; + int ret = osdp_ct_compare(pd->sc.pd_cryptogram, pd_crypto, 16) == 0 ? 0 : -1; + osdp_fill_zeros(pd_crypto, sizeof(pd_crypto)); + return ret; } void osdp_compute_rmac_i(struct osdp_pd *pd)