goToMain · rherrmannr · Apr 8, 2026 · sidcha · Apr 18, 2026 · sidcha
diff --git a/src/crypto/mbedtls.c b/src/crypto/mbedtls.c
@@ -11,6 +11,7 @@
 #include <mbedtls/aes.h>
 #include <mbedtls/entropy.h>
 #include <mbedtls/ctr_drbg.h>
+#include <mbedtls/platform_util.h>
 
 #include <osdp.h>
 
@@ -88,6 +89,11 @@ void osdp_fill_random(uint8_t *buf, int len)
 	assert(rc == 0);
 }
 
+void osdp_fill_zeros(void *buf, int len)
+{
+	mbedtls_platform_zeroize(buf, (size_t)len);
+}
+
 void osdp_crypt_teardown()
 {
 	mbedtls_ctr_drbg_free(&ctr_drbg_ctx);

diff --git a/src/crypto/openssl.c b/src/crypto/openssl.c
@@ -107,6 +107,11 @@ void osdp_fill_random(uint8_t *buf, int len)
 	}
 }
 
+void osdp_fill_zeros(void *buf, int len)
+{
+	OPENSSL_cleanse(buf, (size_t)len);
+}
+
 void osdp_crypt_teardown()
 {
 }
diff --git a/src/crypto/tinyaes.c b/src/crypto/tinyaes.c
@@ -6,6 +6,7 @@
 
 #include <stdint.h>
 #include <stdlib.h>
+#include <string.h>
 #include <assert.h>
 
 #include "tinyaes_src.h"
@@ -56,6 +57,11 @@ void osdp_fill_random(uint8_t *buf, int len)
 	}
 }
 
+void osdp_fill_zeros(void *buf, int len)
+{
+	explicit_bzero(buf, (size_t)len);
-	explicit_bzero(buf, (size_t)len);
+	volatile uint8_t *p = (volatile uint8_t *)buf; 
+    while (len--)
+        *p++ = 0; 
-	explicit_bzero(buf, (size_t)len);
+	volatile uint8_t *p = (volatile uint8_t *)buf; 
+    while (len--)
+        *p++ = 0; 
+}
+
 void osdp_crypt_teardown()
 {
 }
diff --git a/src/osdp_common.h b/src/osdp_common.h
@@ -520,6 +520,7 @@ void osdp_crypt_setup();
 void osdp_encrypt(uint8_t *key, uint8_t *iv, uint8_t *data, int len);
 void osdp_decrypt(uint8_t *key, uint8_t *iv, uint8_t *data, int len);
 void osdp_fill_random(uint8_t *buf, int len);
+void osdp_fill_zeros(void *buf, int len);
 void osdp_crypt_teardown();
 
 /* --- from osdp_sc.c --- */

diff --git a/src/osdp_cp.c b/src/osdp_cp.c
@@ -1609,6 +1609,7 @@ void osdp_cp_teardown(osdp_t *ctx)
 		if (is_capture_enabled(pd)) {
 			osdp_packet_capture_finish(pd);
 		}
+		osdp_fill_zeros(&pd->sc, sizeof(struct osdp_secure_channel));
 
 #ifndef OPT_OSDP_STATIC
 		safe_free(pd->file);

diff --git a/src/osdp_pd.c b/src/osdp_pd.c
@@ -1127,6 +1127,7 @@ static void osdp_pd_update(struct osdp_pd *pd)
 		}
 		if (pd->cmd_id == CMD_KEYSET && pd->reply_id == REPLY_ACK) {
 			memcpy(pd->sc.scbk, pd->keyset_pending, 16);
+			osdp_fill_zeros(pd->keyset_pending, 16);
 			CLEAR_FLAG(pd, PD_FLAG_SC_USE_SCBKD);
 			CLEAR_FLAG(pd, PD_FLAG_INSTALL_MODE);
 			sc_deactivate(pd);
@@ -1340,6 +1341,8 @@ void osdp_pd_teardown(osdp_t *ctx)
 		osdp_packet_capture_finish(pd);
 	}
 
+	osdp_fill_zeros(&pd->sc, sizeof(struct osdp_secure_channel));
+
 	if (pd_ctx->channel.close) {
 		pd_ctx->channel.close(pd_ctx->channel.data);
 	}

diff --git a/src/osdp_sc.c b/src/osdp_sc.c
@@ -56,6 +56,7 @@ void osdp_compute_session_keys(struct osdp_pd *pd)
 	osdp_encrypt(scbk, NULL, pd->sc.s_enc, 16);
 	osdp_encrypt(scbk, NULL, pd->sc.s_mac1, 16);
 	osdp_encrypt(scbk, NULL, pd->sc.s_mac2, 16);
+	osdp_fill_zeros(scbk, sizeof(scbk));
 }
 
 void osdp_compute_cp_cryptogram(struct osdp_pd *pd)
@@ -93,10 +94,9 @@ int osdp_verify_cp_cryptogram(struct osdp_pd *pd)
 	memcpy(cp_crypto + 8, pd->sc.cp_random, 8);
 	osdp_encrypt(pd->sc.s_enc, NULL, cp_crypto, 16);
 
-	if (osdp_ct_compare(pd->sc.cp_cryptogram, cp_crypto, 16) != 0) {
-		return -1;
-	}
-	return 0;
+	int ret = osdp_ct_compare(pd->sc.cp_cryptogram, cp_crypto, 16) == 0 ? 0 : -1;
+	osdp_fill_zeros(cp_crypto, sizeof(cp_crypto));
+	return ret;
 }
 
 void osdp_compute_pd_cryptogram(struct osdp_pd *pd)
@@ -116,10 +116,9 @@ int osdp_verify_pd_cryptogram(struct osdp_pd *pd)
 	memcpy(pd_crypto + 8, pd->sc.pd_random, 8);
 	osdp_encrypt(pd->sc.s_enc, NULL, pd_crypto, 16);
 
-	if (osdp_ct_compare(pd->sc.pd_cryptogram, pd_crypto, 16) != 0) {
-		return -1;
-	}
-	return 0;
+	int ret = osdp_ct_compare(pd->sc.pd_cryptogram, pd_crypto, 16) == 0 ? 0 : -1;
+	osdp_fill_zeros(pd_crypto, sizeof(pd_crypto));
+	return ret;
 }
 
 void osdp_compute_rmac_i(struct osdp_pd *pd)