From: Nikolay Morozov Date: Wed, 12 Feb 2020 11:21:59 +0000 (+0300) Subject: Destroy GOST key data with OPENSSL_cleanse() X-Git-Tag: v3.0.0~197 X-Git-Url: http://wagner.pp.ru/gitweb/?a=commitdiff_plain;h=6061d170c7993f943a7ee5443ed9ddc544459b9e;p=openssl-gost%2Fengine.git Destroy GOST key data with OPENSSL_cleanse() --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 8036d34..4c06970 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -245,7 +245,7 @@ set(GOST_SUM_SOURCE_FILES ) add_executable(gostsum ${GOST_SUM_SOURCE_FILES}) -target_link_libraries(gostsum gost_core) +target_link_libraries(gostsum gost_core ${OPENSSL_CRYPTO_LIBRARY}) set(GOST_12_SUM_SOURCE_FILES gost12sum.c diff --git a/gost89.c b/gost89.c index 593bc23..e84ec91 100644 --- a/gost89.c +++ b/gost89.c @@ -8,6 +8,7 @@ * this code * **********************************************************************/ #include +#include #include "gost89.h" /*- Substitution blocks from RFC 4357 @@ -503,9 +504,7 @@ void gost_init(gost_ctx * c, const gost_subst_block * b) /* Cleans up key from context */ void gost_destroy(gost_ctx * c) { - int i; - for (i = 0; i < 8; i++) - c->k[i] = 0; + OPENSSL_cleanse(c->k, sizeof(c->k)); } /* @@ -627,11 +626,13 @@ void cryptopro_key_meshing(gost_ctx * ctx, unsigned char *iv) gost_dec(ctx, CryptoProKeyMeshingKey, newkey, 4); /* set new key */ gost_key(ctx, newkey); + OPENSSL_cleanse(newkey, sizeof(newkey)); /* Encrypt iv with new key */ if (iv != NULL ) { unsigned char newiv[8]; gostcrypt(ctx, iv, newiv); memcpy(iv, newiv, 8); + OPENSSL_cleanse(newiv, sizeof(newiv)); } } @@ -639,16 +640,19 @@ void acpkm_magma_key_meshing(gost_ctx * ctx) { unsigned char newkey[32]; int i, j; - unsigned char buf[8], keybuf[8]; for (i = 0; i < 4; i++) { + unsigned char buf[8], keybuf[8]; for (j = 0; j < 8; j++) { buf[j] = ACPKM_D_const[8 * i + 7 - j]; } gostcrypt(ctx, buf, keybuf); memcpy(newkey + 8 * i, keybuf + 4, 4); memcpy(newkey + 8 * i + 4, keybuf, 4); + OPENSSL_cleanse(keybuf, sizeof(keybuf)); + OPENSSL_cleanse(buf, sizeof(buf)); } /* set new key */ gost_key(ctx, newkey); + OPENSSL_cleanse(newkey, sizeof(newkey)); }