diff options
Diffstat (limited to 'cipher/des.c')
| -rw-r--r-- | cipher/des.c | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/cipher/des.c b/cipher/des.c index 847a3473e..ce436d847 100644 --- a/cipher/des.c +++ b/cipher/des.c @@ -449,9 +449,16 @@ static byte weak_keys[64][8] = #define tripledes_ecb_decrypt(ctx, from, to) tripledes_ecb_crypt(ctx, from, to, 1) - - - +static void +burn_stack (int bytes) +{ + char buf[64]; + + memset (buf, 0, sizeof buf); + bytes -= sizeof buf; + if (bytes > 0) + burn_stack (bytes); +} /* * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for @@ -558,6 +565,7 @@ des_setkey (struct _des_ctx *ctx, const byte * key) return G10ERR_SELFTEST_FAILED; des_key_schedule (key, ctx->encrypt_subkeys); + burn_stack (32); for(i=0; i<32; i+=2) { @@ -616,6 +624,7 @@ tripledes_set2keys (struct _tripledes_ctx *ctx, des_key_schedule (key1, ctx->encrypt_subkeys); des_key_schedule (key2, &(ctx->decrypt_subkeys[32])); + burn_stack (32); for(i=0; i<32; i+=2) { @@ -653,6 +662,7 @@ tripledes_set3keys (struct _tripledes_ctx *ctx, des_key_schedule (key1, ctx->encrypt_subkeys); des_key_schedule (key2, &(ctx->decrypt_subkeys[32])); des_key_schedule (key3, &(ctx->encrypt_subkeys[64])); + burn_stack (32); for(i=0; i<32; i+=2) { @@ -947,8 +957,11 @@ do_tripledes_setkey ( struct _tripledes_ctx *ctx, byte *key, unsigned keylen ) tripledes_set3keys ( ctx, key, key+8, key+16); - if( is_weak_key( key ) || is_weak_key( key+8 ) || is_weak_key( key+16 ) ) + if( is_weak_key( key ) || is_weak_key( key+8 ) || is_weak_key( key+16 ) ) { + burn_stack (64); return G10ERR_WEAK_KEY; + } + burn_stack (64); return 0; } @@ -958,12 +971,14 @@ static void do_tripledes_encrypt( struct _tripledes_ctx *ctx, byte *outbuf, byte *inbuf ) { tripledes_ecb_encrypt ( ctx, inbuf, outbuf ); + burn_stack (32); } static void do_tripledes_decrypt( struct _tripledes_ctx *ctx, byte *outbuf, byte *inbuf ) { tripledes_ecb_decrypt ( ctx, inbuf, outbuf ); + burn_stack (32); } |