1 files changed, 20 insertions, 4 deletions

diff --git a/cipher/cipher.c b/cipher/cipher.c
index 08d61655..2337c09f 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -150,7 +150,7 @@ dummy_setkey (void *c, const unsigned char *key, unsigned int keylen)
   return GPG_ERR_NO_ERROR;
 }
 
-static void
+static unsigned int
 dummy_encrypt_block (void *c,
 		     unsigned char *outbuf, const unsigned char *inbuf)
 {
@@ -158,9 +158,10 @@ dummy_encrypt_block (void *c,
   (void)outbuf;
   (void)inbuf;
   BUG();
+  return 0;
 }
 
-static void
+static unsigned int
 dummy_decrypt_block (void *c,
 		     unsigned char *outbuf, const unsigned char *inbuf)
 {
@@ -168,6 +169,7 @@ dummy_decrypt_block (void *c,
   (void)outbuf;
   (void)inbuf;
   BUG();
+  return 0;
 }
 
 static void
@@ -902,6 +904,7 @@ do_ecb_encrypt (gcry_cipher_hd_t c,
 {
   unsigned int blocksize = c->cipher->blocksize;
   unsigned int n, nblocks;
+  unsigned int burn, nburn;
 
   if (outbuflen < inbuflen)
     return GPG_ERR_BUFFER_TOO_SHORT;
@@ -909,13 +912,19 @@ do_ecb_encrypt (gcry_cipher_hd_t c,
     return GPG_ERR_INV_LENGTH;
 
   nblocks = inbuflen / c->cipher->blocksize;
+  burn = 0;
 
   for (n=0; n < nblocks; n++ )
     {
-      c->cipher->encrypt (&c->context.c, outbuf, (byte*)/*arggg*/inbuf);
+      nburn = c->cipher->encrypt (&c->context.c, outbuf, (byte*)/*arggg*/inbuf);
+      burn = nburn > burn ? nburn : burn;
       inbuf  += blocksize;
       outbuf += blocksize;
     }
+
+  if (burn > 0)
+    _gcry_burn_stack (burn + 4 * sizeof(void *));
+
   return 0;
 }
 
@@ -926,20 +935,27 @@ do_ecb_decrypt (gcry_cipher_hd_t c,
 {
   unsigned int blocksize = c->cipher->blocksize;
   unsigned int n, nblocks;
+  unsigned int burn, nburn;
 
   if (outbuflen < inbuflen)
     return GPG_ERR_BUFFER_TOO_SHORT;
   if ((inbuflen % blocksize))
     return GPG_ERR_INV_LENGTH;
+
   nblocks = inbuflen / c->cipher->blocksize;
+  burn = 0;
 
   for (n=0; n < nblocks; n++ )
     {
-      c->cipher->decrypt (&c->context.c, outbuf, (byte*)/*arggg*/inbuf );
+      nburn = c->cipher->decrypt (&c->context.c, outbuf, (byte*)/*arggg*/inbuf);
+      burn = nburn > burn ? nburn : burn;
       inbuf  += blocksize;
       outbuf += blocksize;
     }
 
+  if (burn > 0)
+    _gcry_burn_stack (burn + 4 * sizeof(void *));
+
   return 0;
 }