More thorough cleaning of encryption/decryption state and buffers.

This commit is contained in:
LoRd_MuldeR 2021-03-21 16:46:22 +01:00
parent 7a40d62b06
commit 0b7777fc3e
Signed by: mulder
GPG Key ID: 2B5913365F57E03F

View File

@ -396,6 +396,11 @@ clean_up:
fclose(file_in);
}
slunkcrypt_bzero(buffer, BUFFER_SIZE);
slunkcrypt_bzero(checksum_buffer, sizeof(uint64_t));
slunkcrypt_bzero(&blake2s_state, sizeof(blake2s_t));
slunkcrypt_bzero(&nonce, sizeof(uint64_t));
return result;
}
@ -545,10 +550,10 @@ static int decrypt(const char* const passphrase, const CHR* const input_path, co
FPRINTF(stderr, T("\b\b\b\b\b\b\b%5.1f%%\n\n"), 100.0);
fflush(stderr);
const uint64_t checksum_expected = load_ui64(checksum_buffer);
if (checksum_actual != checksum_expected)
const uint64_t checksum_stored = load_ui64(checksum_buffer);
if (checksum_actual != checksum_stored)
{
FPRINTF(stderr, T("Error: Checksum mismatch detected! [expected: 0x%016") T(PRIX64) T(", actual: 0x%016") T(PRIX64) T("]\n\n"), checksum_expected, checksum_actual);
FPRINTF(stderr, T("Error: Checksum mismatch detected! [expected: 0x%016") T(PRIX64) T(", actual: 0x%016") T(PRIX64) T("]\n\n"), checksum_stored, checksum_actual);
FPUTS(T("Wrong passphrase or corrupted file?\n\n"), stderr);
goto clean_up;
}
@ -575,6 +580,13 @@ clean_up:
fclose(file_in);
}
slunkcrypt_bzero(buffer, BUFFER_SIZE);
slunkcrypt_bzero(checksum_buffer, sizeof(uint64_t));
slunkcrypt_bzero(&blake2s_state, sizeof(blake2s_t));
slunkcrypt_bzero(&nonce, sizeof(uint64_t));
slunkcrypt_bzero((void*)&checksum_stored, sizeof(uint64_t));
slunkcrypt_bzero((void*)&checksum_actual, sizeof(uint64_t));
return result;
}