VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/DcsInt
diff options
context:
space:
mode:
Diffstat (limited to 'DcsInt')
-rw-r--r--DcsInt/DcsInt.c48
1 files changed, 30 insertions, 18 deletions
diff --git a/DcsInt/DcsInt.c b/DcsInt/DcsInt.c
index 7dd98ec..b7e392f 100644
--- a/DcsInt/DcsInt.c
+++ b/DcsInt/DcsInt.c
@@ -160,29 +160,33 @@ PrepareBootParams(
IN PCRYPTO_INFO cryptoInfo)
{
BootArguments *bootArgs;
- if (bootParams == NULL) return EFI_UNSUPPORTED;
- bootArgs = &bootParams->BootArgs;
- TC_SET_BOOT_ARGUMENTS_SIGNATURE(bootArgs->Signature);
- bootArgs->BootLoaderVersion = VERSION_NUM;
- bootArgs->CryptoInfoOffset = (uint16)(FIELD_OFFSET(BOOT_PARAMS, BootCryptoInfo));
- bootArgs->CryptoInfoLength = (uint16)(sizeof(BOOT_CRYPTO_HEADER) + 2 + sizeof(SECREGION_BOOT_PARAMS));
- bootArgs->HeaderSaltCrc32 = gHeaderSaltCrc32;
- CopyMem(&bootArgs->BootPassword, &gAuthPassword, sizeof(gAuthPassword));
- bootArgs->HiddenSystemPartitionStart = 0;
- bootArgs->DecoySystemPartitionStart = 0;
- bootArgs->BootDriveSignature = bootDriveSignature;
- bootArgs->Flags = (uint32)(gAuthPim << 16);
- bootArgs->BootArgumentsCrc32 = GetCrc32((byte *)bootArgs, (int)((byte *)&bootArgs->BootArgumentsCrc32 - (byte *)bootArgs));
- bootParams->BootCryptoInfo.ea = (uint16)cryptoInfo->ea;
- bootParams->BootCryptoInfo.mode = (uint16)cryptoInfo->mode;
- bootParams->BootCryptoInfo.pkcs5 = (uint16)cryptoInfo->pkcs5;
- SetSecRegionParamsMemory();
+ EFI_STATUS status;
+ if (bootParams == NULL) status = EFI_UNSUPPORTED;
+ else {
+ bootArgs = &bootParams->BootArgs;
+ TC_SET_BOOT_ARGUMENTS_SIGNATURE(bootArgs->Signature);
+ bootArgs->BootLoaderVersion = VERSION_NUM;
+ bootArgs->CryptoInfoOffset = (uint16)(FIELD_OFFSET(BOOT_PARAMS, BootCryptoInfo));
+ bootArgs->CryptoInfoLength = (uint16)(sizeof(BOOT_CRYPTO_HEADER) + 2 + sizeof(SECREGION_BOOT_PARAMS));
+ bootArgs->HeaderSaltCrc32 = gHeaderSaltCrc32;
+ CopyMem(&bootArgs->BootPassword, &gAuthPassword, sizeof(gAuthPassword));
+ bootArgs->HiddenSystemPartitionStart = 0;
+ bootArgs->DecoySystemPartitionStart = 0;
+ bootArgs->BootDriveSignature = bootDriveSignature;
+ bootArgs->Flags = (uint32)(gAuthPim << 16);
+ bootArgs->BootArgumentsCrc32 = GetCrc32((byte *)bootArgs, (int)((byte *)&bootArgs->BootArgumentsCrc32 - (byte *)bootArgs));
+ bootParams->BootCryptoInfo.ea = (uint16)cryptoInfo->ea;
+ bootParams->BootCryptoInfo.mode = (uint16)cryptoInfo->mode;
+ bootParams->BootCryptoInfo.pkcs5 = (uint16)cryptoInfo->pkcs5;
+ SetSecRegionParamsMemory();
+ status = EFI_SUCCESS;
+ }
// Clean auth data
MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
MEM_BURN(&gAuthPim, sizeof(gAuthPim));
- return EFI_SUCCESS;
+ return status;
}
void GetIntersection(uint64 start1, uint32 length1, uint64 start2, uint64 end2, uint64 *intersectStart, uint32 *intersectLength)
@@ -708,6 +712,10 @@ SecRegionTryDecrypt()
break;
} else {
ERR_PRINT(L"%a", gAuthErrorMsg);
+ // clear previous failed authentication information
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
+ if (gAuthPimRqt)
+ MEM_BURN(&gAuthPim, sizeof(gAuthPim));
}
retry--;
} while (vcres != 0 && retry > 0);
@@ -1186,6 +1194,10 @@ UefiMain(
gST->ConIn->Reset(gST->ConIn, FALSE);
if (EFI_ERROR(res)) {
+ // clear buffers with potential authentication data
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
+ MEM_BURN(&gAuthPim, sizeof(gAuthPim));
+
if (res == EFI_TIMEOUT)
return OnExit(gOnExitTimeout, OnExitAuthTimeout, res);
else if (res == EFI_DCS_USER_CANCELED)