abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-20 03:44:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Clean cipher local vars

Browse Source
This commit is contained in:
Zhi Guan
2026-06-13 22:57:20 +08:00
parent c12edeb7b1
commit a73c303339
4 changed files with 33 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CMakeLists.txt
View File

@@ -768,7 +768,7 @@ endif()
# #
set(CPACK_PACKAGE_NAME "GmSSL") set(CPACK_PACKAGE_NAME "GmSSL")
set(CPACK_PACKAGE_VENDOR "GmSSL develop team") set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1035") set(CPACK_PACKAGE_VERSION "3.2.0-dev.1036")
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md) set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
set(CPACK_NSIS_MODIFY_PATH ON) set(CPACK_NSIS_MODIFY_PATH ON)
include(CPack) include(CPack)

2
include/gmssl/version.h
View File

@@ -19,7 +19,7 @@ extern "C" {
// Also update CPACK_PACKAGE_VERSION in CMakeLists.txt // Also update CPACK_PACKAGE_VERSION in CMakeLists.txt
#define GMSSL_VERSION_NUM 30200 #define GMSSL_VERSION_NUM 30200
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1035" #define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1036"
int gmssl_version_num(void); int gmssl_version_num(void);
const char *gmssl_version_str(void); const char *gmssl_version_str(void);

16
src/aes_modes.c
View File

@@ -153,6 +153,7 @@ static void aes_ctr32_encrypt(const AES_KEY *key, uint8_t ctr[16], const uint8_t
out += len; out += len;
inlen -= len; inlen -= len;
} }
gmssl_secure_clear(block, sizeof(block));
} }
int aes_gcm_encrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen, int aes_gcm_encrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
@@ -188,6 +189,10 @@ int aes_gcm_encrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
ghash(H, aad, aadlen, out, inlen, H); ghash(H, aad, aadlen, out, inlen, H);
gmssl_memxor(tag, T, H, taglen); gmssl_memxor(tag, T, H, taglen);
gmssl_secure_clear(H, sizeof(H));
gmssl_secure_clear(Y, sizeof(Y));
gmssl_secure_clear(T, sizeof(T));
return 1; return 1;
} }
@@ -202,6 +207,11 @@ int aes_gcm_decrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
uint8_t Y[16]; uint8_t Y[16];
uint8_t T[16]; uint8_t T[16];
if (taglen > AES_GCM_MAX_TAG_SIZE) {
error_print();
return -1;
}
aes_encrypt(key, H, H); aes_encrypt(key, H, H);
if (ivlen == 12) { if (ivlen == 12) {
@@ -216,6 +226,9 @@ int aes_gcm_decrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
aes_encrypt(key, Y, T); aes_encrypt(key, Y, T);
gmssl_memxor(T, T, H, taglen); gmssl_memxor(T, T, H, taglen);
if (gmssl_secure_memcmp(T, tag, taglen) != 0) { if (gmssl_secure_memcmp(T, tag, taglen) != 0) {
gmssl_secure_clear(H, sizeof(H));
gmssl_secure_clear(Y, sizeof(Y));
gmssl_secure_clear(T, sizeof(T));
error_print(); error_print();
return -1; return -1;
} }
@@ -223,5 +236,8 @@ int aes_gcm_decrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
ctr32_incr(Y); ctr32_incr(Y);
aes_ctr32_encrypt(key, Y, in, inlen, out); aes_ctr32_encrypt(key, Y, in, inlen, out);
gmssl_secure_clear(H, sizeof(H));
gmssl_secure_clear(Y, sizeof(Y));
gmssl_secure_clear(T, sizeof(T));
return 1; return 1;
} }

18
src/sm4_gcm.c
View File

@@ -69,6 +69,9 @@ int sm4_gcm_encrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
ghash(H, aad, aadlen, out, inlen, H); ghash(H, aad, aadlen, out, inlen, H);
gmssl_memxor(tag, T, H, taglen); gmssl_memxor(tag, T, H, taglen);
gmssl_secure_clear(H, sizeof(H));
gmssl_secure_clear(Y, sizeof(Y));
gmssl_secure_clear(T, sizeof(T));
return 1; return 1;
} }
@@ -112,6 +115,9 @@ int sm4_gcm_decrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
sm4_encrypt(key, Y, T); sm4_encrypt(key, Y, T);
gmssl_memxor(T, T, H, taglen); gmssl_memxor(T, T, H, taglen);
if (gmssl_secure_memcmp(T, tag, taglen) != 0) { if (gmssl_secure_memcmp(T, tag, taglen) != 0) {
gmssl_secure_clear(H, sizeof(H));
gmssl_secure_clear(Y, sizeof(Y));
gmssl_secure_clear(T, sizeof(T));
error_print(); error_print();
return -1; return -1;
} }
@@ -119,6 +125,9 @@ int sm4_gcm_decrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
ctr32_incr(Y); ctr32_incr(Y);
sm4_ctr32_encrypt(key, Y, in, inlen, out); sm4_ctr32_encrypt(key, Y, in, inlen, out);
gmssl_secure_clear(H, sizeof(H));
gmssl_secure_clear(Y, sizeof(Y));
gmssl_secure_clear(T, sizeof(T));
return 1; return 1;
} }
@@ -227,6 +236,7 @@ int sm4_gcm_encrypt_finish(SM4_GCM_CTX *ctx, uint8_t *out, size_t *outlen)
memcpy(out + *outlen, mac, ctx->taglen); memcpy(out + *outlen, mac, ctx->taglen);
*outlen += ctx->taglen; *outlen += ctx->taglen;
gmssl_secure_clear(mac, sizeof(mac));
return 1; return 1;
} }
@@ -311,7 +321,8 @@ int sm4_gcm_decrypt_update(SM4_GCM_CTX *ctx, const uint8_t *in, size_t inlen, ui
return -1; return -1;
} }
*outlen += len; *outlen += len;
memcpy(ctx->mac, in + inlen, GHASH_SIZE); memset(ctx->mac, 0, GHASH_SIZE);
memcpy(ctx->mac, in + inlen, ctx->taglen);
} }
ctx->encedlen += datalen; ctx->encedlen += datalen;
@@ -332,16 +343,17 @@ int sm4_gcm_decrypt_finish(SM4_GCM_CTX *ctx, uint8_t *out, size_t *outlen)
} }
ghash_finish(&ctx->mac_ctx, mac); ghash_finish(&ctx->mac_ctx, mac);
if (sm4_ctr32_encrypt_finish(&ctx->enc_ctx, out, outlen) != 1) { if (sm4_ctr32_encrypt_finish(&ctx->enc_ctx, out, outlen) != 1) {
gmssl_secure_clear(mac, sizeof(mac));
error_print(); error_print();
return -1; return -1;
} }
gmssl_memxor(mac, mac, ctx->Y, ctx->taglen); gmssl_memxor(mac, mac, ctx->Y, ctx->taglen);
if (gmssl_secure_memcmp(mac, ctx->mac, ctx->taglen) != 0) { if (gmssl_secure_memcmp(mac, ctx->mac, ctx->taglen) != 0) {
gmssl_secure_clear(mac, sizeof(mac));
error_print(); error_print();
return -1; return -1;
} }
memset(ctx->mac, 0, GHASH_SIZE); gmssl_secure_clear(mac, sizeof(mac));
ctx->maclen = 0;
return 1; return 1;
} }