Blame SOURCES/nss-softokn-aes-zeroize.patch
|
|
70d46f |
diff --git a/lib/freebl/intel-gcm-wrap.c b/lib/freebl/intel-gcm-wrap.c
|
|
|
70d46f |
--- a/lib/freebl/intel-gcm-wrap.c
|
|
|
70d46f |
+++ b/lib/freebl/intel-gcm-wrap.c
|
|
|
70d46f |
@@ -138,16 +138,17 @@ intel_AES_GCM_CreateContext(void *contex
|
|
|
70d46f |
loser:
|
|
|
70d46f |
PORT_Free(gcm);
|
|
|
70d46f |
return NULL;
|
|
|
70d46f |
}
|
|
|
70d46f |
|
|
|
70d46f |
void
|
|
|
70d46f |
intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit)
|
|
|
70d46f |
{
|
|
|
70d46f |
+ PORT_Memset(gcm, 0, sizeof(intel_AES_GCMContext));
|
|
|
70d46f |
if (freeit) {
|
|
|
70d46f |
PORT_Free(gcm);
|
|
|
70d46f |
}
|
|
|
70d46f |
}
|
|
|
70d46f |
|
|
|
70d46f |
SECStatus
|
|
|
70d46f |
intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm,
|
|
|
70d46f |
unsigned char *outbuf,
|
|
|
70d46f |
diff --git a/lib/freebl/rijndael.c b/lib/freebl/rijndael.c
|
|
|
70d46f |
--- a/lib/freebl/rijndael.c
|
|
|
70d46f |
+++ b/lib/freebl/rijndael.c
|
|
|
70d46f |
@@ -1027,23 +1027,25 @@ AES_CreateContext(const unsigned char *k
|
|
|
70d46f |
* AES_DestroyContext
|
|
|
70d46f |
*
|
|
|
70d46f |
* Zero an AES cipher context. If freeit is true, also free the pointer
|
|
|
70d46f |
* to the context.
|
|
|
70d46f |
*/
|
|
|
70d46f |
void
|
|
|
70d46f |
AES_DestroyContext(AESContext *cx, PRBool freeit)
|
|
|
70d46f |
{
|
|
|
70d46f |
+ void *mem = cx->mem;
|
|
|
70d46f |
if (cx->worker_cx && cx->destroy) {
|
|
|
70d46f |
(*cx->destroy)(cx->worker_cx, PR_TRUE);
|
|
|
70d46f |
cx->worker_cx = NULL;
|
|
|
70d46f |
cx->destroy = NULL;
|
|
|
70d46f |
}
|
|
|
70d46f |
+ PORT_Memset(cx, 0, sizeof(AESContext));
|
|
|
70d46f |
if (freeit) {
|
|
|
70d46f |
- PORT_Free(cx->mem);
|
|
|
70d46f |
+ PORT_Free(mem);
|
|
|
70d46f |
}
|
|
|
70d46f |
}
|
|
|
70d46f |
|
|
|
70d46f |
/*
|
|
|
70d46f |
* AES_Encrypt
|
|
|
70d46f |
*
|
|
|
70d46f |
* Encrypt an arbitrary-length buffer. The output buffer must already be
|
|
|
70d46f |
* allocated to at least inputLen.
|