From 0b7777fc3eee5931c27c640c8f01aa96fcef6236 Mon Sep 17 00:00:00 2001 From: LoRd_MuldeR Date: Sun, 21 Mar 2021 16:46:22 +0100 Subject: [PATCH] More thorough cleaning of encryption/decryption state and buffers. --- frontend/src/main.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/frontend/src/main.c b/frontend/src/main.c index c5807e9..4a6c2c4 100644 --- a/frontend/src/main.c +++ b/frontend/src/main.c @@ -396,6 +396,11 @@ clean_up: fclose(file_in); } + slunkcrypt_bzero(buffer, BUFFER_SIZE); + slunkcrypt_bzero(checksum_buffer, sizeof(uint64_t)); + slunkcrypt_bzero(&blake2s_state, sizeof(blake2s_t)); + slunkcrypt_bzero(&nonce, sizeof(uint64_t)); + return result; } @@ -545,10 +550,10 @@ static int decrypt(const char* const passphrase, const CHR* const input_path, co FPRINTF(stderr, T("\b\b\b\b\b\b\b%5.1f%%\n\n"), 100.0); fflush(stderr); - const uint64_t checksum_expected = load_ui64(checksum_buffer); - if (checksum_actual != checksum_expected) + const uint64_t checksum_stored = load_ui64(checksum_buffer); + if (checksum_actual != checksum_stored) { - FPRINTF(stderr, T("Error: Checksum mismatch detected! [expected: 0x%016") T(PRIX64) T(", actual: 0x%016") T(PRIX64) T("]\n\n"), checksum_expected, checksum_actual); + FPRINTF(stderr, T("Error: Checksum mismatch detected! [expected: 0x%016") T(PRIX64) T(", actual: 0x%016") T(PRIX64) T("]\n\n"), checksum_stored, checksum_actual); FPUTS(T("Wrong passphrase or corrupted file?\n\n"), stderr); goto clean_up; } @@ -575,6 +580,13 @@ clean_up: fclose(file_in); } + slunkcrypt_bzero(buffer, BUFFER_SIZE); + slunkcrypt_bzero(checksum_buffer, sizeof(uint64_t)); + slunkcrypt_bzero(&blake2s_state, sizeof(blake2s_t)); + slunkcrypt_bzero(&nonce, sizeof(uint64_t)); + slunkcrypt_bzero((void*)&checksum_stored, sizeof(uint64_t)); + slunkcrypt_bzero((void*)&checksum_actual, sizeof(uint64_t)); + return result; }