diff options
| author | Nikolay Morozov <nmorozoff77@yandex.ru> | 2020-02-12 14:21:59 +0300 |
|---|---|---|
| committer | Dmitry Belyavskiy <beldmit@users.noreply.github.com> | 2020-02-14 12:29:52 +0300 |
| commit | 6061d170c7993f943a7ee5443ed9ddc544459b9e (patch) | |
| tree | a5b5f79cfdaa8f19b2bc0507b3b8f3384462984d | |
| parent | 053ecb0a582e2dbfba5ddd6dc8dafb5698051ac4 (diff) | |
| download | gost-engine-6061d170c7993f943a7ee5443ed9ddc544459b9e.zip gost-engine-6061d170c7993f943a7ee5443ed9ddc544459b9e.tar.gz gost-engine-6061d170c7993f943a7ee5443ed9ddc544459b9e.tar.bz2 | |
Destroy GOST key data with OPENSSL_cleanse()
| -rw-r--r-- | CMakeLists.txt | 2 | ||||
| -rw-r--r-- | gost89.c | 12 |
2 files changed, 9 insertions, 5 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 8036d34..4c06970 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -245,7 +245,7 @@ set(GOST_SUM_SOURCE_FILES ) add_executable(gostsum ${GOST_SUM_SOURCE_FILES}) -target_link_libraries(gostsum gost_core) +target_link_libraries(gostsum gost_core ${OPENSSL_CRYPTO_LIBRARY}) set(GOST_12_SUM_SOURCE_FILES gost12sum.c @@ -8,6 +8,7 @@ * this code * **********************************************************************/ #include <string.h> +#include <openssl/crypto.h> #include "gost89.h" /*- Substitution blocks from RFC 4357 @@ -503,9 +504,7 @@ void gost_init(gost_ctx * c, const gost_subst_block * b) /* Cleans up key from context */ void gost_destroy(gost_ctx * c) { - int i; - for (i = 0; i < 8; i++) - c->k[i] = 0; + OPENSSL_cleanse(c->k, sizeof(c->k)); } /* @@ -627,11 +626,13 @@ void cryptopro_key_meshing(gost_ctx * ctx, unsigned char *iv) gost_dec(ctx, CryptoProKeyMeshingKey, newkey, 4); /* set new key */ gost_key(ctx, newkey); + OPENSSL_cleanse(newkey, sizeof(newkey)); /* Encrypt iv with new key */ if (iv != NULL ) { unsigned char newiv[8]; gostcrypt(ctx, iv, newiv); memcpy(iv, newiv, 8); + OPENSSL_cleanse(newiv, sizeof(newiv)); } } @@ -639,16 +640,19 @@ void acpkm_magma_key_meshing(gost_ctx * ctx) { unsigned char newkey[32]; int i, j; - unsigned char buf[8], keybuf[8]; for (i = 0; i < 4; i++) { + unsigned char buf[8], keybuf[8]; for (j = 0; j < 8; j++) { buf[j] = ACPKM_D_const[8 * i + 7 - j]; } gostcrypt(ctx, buf, keybuf); memcpy(newkey + 8 * i, keybuf + 4, 4); memcpy(newkey + 8 * i + 4, keybuf, 4); + OPENSSL_cleanse(keybuf, sizeof(keybuf)); + OPENSSL_cleanse(buf, sizeof(buf)); } /* set new key */ gost_key(ctx, newkey); + OPENSSL_cleanse(newkey, sizeof(newkey)); } |