mirror of https://github.com/veracrypt/VeraCrypt.git synced 2026-06-10 14:57:02 -05:00

Windows driver: fix PBKDF XSTATE cleanup

Ensure SHA-256 and SHA-512 PBKDF cancellation paths restore saved extended processor state before cleanup. Remove unnecessary extended-state save/restore around BLAKE2s, which does not use AVX in the current implementation.
Mounir IDRASSI
2026-06-03 11:50:13 +09:00
parent fcd430d659
commit c748b44b02
+4 -25
@@ -300,12 +300,12 @@ void derive_key_sha256 (const unsigned char *pwd, int pwd_len, const unsigned ch
#endif #endif
memcpy (dk, hmac.u, r); memcpy (dk, hmac.u, r);
#ifndef TC_WINDOWS_BOOT
cancelled:
#endif
#if defined (DEVICE_DRIVER) && !defined(_M_ARM64) #if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
if (NT_SUCCESS (saveStatus)) if (NT_SUCCESS (saveStatus))
KeRestoreExtendedProcessorState(&SaveState); KeRestoreExtendedProcessorState(&SaveState);
#endif
#ifndef TC_WINDOWS_BOOT
cancelled:
#endif #endif
/* Prevent possible leaks. */ /* Prevent possible leaks. */
burn (&hmac, sizeof(hmac)); burn (&hmac, sizeof(hmac));
@@ -536,11 +536,11 @@ void derive_key_sha512 (const unsigned char *pwd, int pwd_len, const unsigned ch
goto cancelled; goto cancelled;
memcpy (dk, hmac.u, r); memcpy (dk, hmac.u, r);
cancelled:
#if defined (DEVICE_DRIVER) && !defined(_M_ARM64) #if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
if (NT_SUCCESS (saveStatus)) if (NT_SUCCESS (saveStatus))
KeRestoreExtendedProcessorState(&SaveState); KeRestoreExtendedProcessorState(&SaveState);
#endif #endif
cancelled:
/* Prevent possible leaks. */ /* Prevent possible leaks. */
burn (&hmac, sizeof(hmac)); burn (&hmac, sizeof(hmac));
burn (key, sizeof(key)); burn (key, sizeof(key));
@@ -599,12 +599,6 @@ void hmac_blake2s
unsigned char* buf = hmac.k; unsigned char* buf = hmac.k;
int b; int b;
unsigned char key[BLAKE2S_DIGESTSIZE]; unsigned char key[BLAKE2S_DIGESTSIZE];
#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
XSTATE_SAVE SaveState;
if (IsCpuIntel() && HasSAVX())
saveStatus = KeSaveExtendedProcessorState(XSTATE_MASK_GSSE, &SaveState);
#endif
/* If the key is longer than the hash algorithm block size, /* If the key is longer than the hash algorithm block size,
let key = blake2s(key), as per HMAC specifications. */ let key = blake2s(key), as per HMAC specifications. */
if (lk > BLAKE2S_BLOCKSIZE) if (lk > BLAKE2S_BLOCKSIZE)
@@ -646,11 +640,6 @@ void hmac_blake2s
hmac_blake2s_internal(d, ld, &hmac); hmac_blake2s_internal(d, ld, &hmac);
#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
if (NT_SUCCESS (saveStatus))
KeRestoreExtendedProcessorState(&SaveState);
#endif
/* Prevent leaks */ /* Prevent leaks */
burn(&hmac, sizeof(hmac)); burn(&hmac, sizeof(hmac));
burn(key, sizeof(key)); burn(key, sizeof(key));
@@ -729,12 +718,6 @@ void derive_key_blake2s (const unsigned char *pwd, int pwd_len, const unsigned c
int b, l, r; int b, l, r;
#ifndef TC_WINDOWS_BOOT #ifndef TC_WINDOWS_BOOT
unsigned char key[BLAKE2S_DIGESTSIZE]; unsigned char key[BLAKE2S_DIGESTSIZE];
#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
XSTATE_SAVE SaveState;
if (IsCpuIntel() && HasSAVX())
saveStatus = KeSaveExtendedProcessorState(XSTATE_MASK_GSSE, &SaveState);
#endif
/* If the password is longer than the hash algorithm block size, /* If the password is longer than the hash algorithm block size,
let pwd = blake2s(pwd), as per HMAC specifications. */ let pwd = blake2s(pwd), as per HMAC specifications. */
if (pwd_len > BLAKE2S_BLOCKSIZE) if (pwd_len > BLAKE2S_BLOCKSIZE)
@@ -812,10 +795,6 @@ void derive_key_blake2s (const unsigned char *pwd, int pwd_len, const unsigned c
#endif #endif
memcpy (dk, hmac.u, r); memcpy (dk, hmac.u, r);
#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
if (NT_SUCCESS (saveStatus))
KeRestoreExtendedProcessorState(&SaveState);
#endif
#ifndef TC_WINDOWS_BOOT #ifndef TC_WINDOWS_BOOT
cancelled: cancelled:
#endif #endif
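Review bot: Dropping the KeSaveExtendedProcessorState/KeRestoreExtendedProcessorState pair from hmac_blake2s and derive_key_blake2s leaves nothing in the code recording the assumption it rests on, namely that BLAKE2s does not use AVX in the driver build. That assumption is stated only in the commit message, so a later change that enables a vectorised BLAKE2s path would run in kernel mode without saved extended state, and nothing at these call sites would flag it. I would add a comment where the declarations were removed in both functions, e.g. `/* No KeSaveExtendedProcessorState here: BLAKE2s uses no AVX in the driver build; re-add the save/restore pair if that changes. */`. In the SHA-256 and SHA-512 hunks, placing `cancelled:` above the restore is only safe if `saveStatus` is initialised before the first `goto cancelled`. The removed BLAKE2s lines initialise it at declaration, but the SHA-256/512 declarations lie outside the hunks, as do the starts and ends of all four function bodies, so this should be confirmed.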