mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-23 20:20:59 +00:00
Introduce polarssl_zeroize() instead of memset() for zeroization
This commit is contained in:
Paul Bakker
parent
1b08bd9525
commit
312da33ef1
|
|
@ -12,6 +12,8 @@ Changes
|
|||
* Improvements to tests/Makefile, contributed by Oden Eriksson.
|
||||
* Use UTC time to check certificate validity.
|
||||
* Reject certificates with times not in UTC, per RFC 5280.
|
||||
* Migrate zeroizing of data to polarssl_zeroize() instead of memset()
|
||||
against unwanted compiler optimizations
|
||||
|
||||
Security
|
||||
* Forbid change of server certificate during renegotiation to prevent
|
||||
|
|
|
|||
|
|
@ -40,6 +40,11 @@
|
|||
|
||||
#if !defined(POLARSSL_AES_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (little endian)
|
||||
*/
|
||||
|
|
@ -611,7 +616,7 @@ int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int key
|
|||
*RK++ = *SK++;
|
||||
*RK++ = *SK++;
|
||||
|
||||
memset( &cty, 0, sizeof( aes_context ) );
|
||||
polarssl_zeroize( &cty, sizeof( aes_context ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
|
|||
|
|
@ -39,6 +39,11 @@
|
|||
|
||||
#include <stdlib.h>
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#define ciL (sizeof(t_uint)) /* chars in limb */
|
||||
#define biL (ciL << 3) /* bits in limb */
|
||||
#define biH (ciL << 2) /* half limb size */
|
||||
|
|
@ -72,7 +77,7 @@ void mpi_free( mpi *X )
|
|||
|
||||
if( X->p != NULL )
|
||||
{
|
||||
memset( X->p, 0, X->n * ciL );
|
||||
polarssl_zeroize( X->p, X->n * ciL );
|
||||
free( X->p );
|
||||
}
|
||||
|
||||
|
|
@ -101,7 +106,7 @@ int mpi_grow( mpi *X, size_t nblimbs )
|
|||
if( X->p != NULL )
|
||||
{
|
||||
memcpy( p, X->p, X->n * ciL );
|
||||
memset( X->p, 0, X->n * ciL );
|
||||
polarssl_zeroize( X->p, X->n * ciL );
|
||||
free( X->p );
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -37,6 +37,11 @@
|
|||
|
||||
#if !defined(POLARSSL_CAMELLIA_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
|
|
@ -456,7 +461,7 @@ int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, unsign
|
|||
*RK++ = *SK++;
|
||||
*RK++ = *SK++;
|
||||
|
||||
memset( &cty, 0, sizeof( camellia_context ) );
|
||||
polarssl_zeroize( &cty, sizeof( camellia_context ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
|
|||
|
|
@ -40,6 +40,11 @@
|
|||
#define strcasecmp _stricmp
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
static const int supported_ciphers[] = {
|
||||
|
||||
#if defined(POLARSSL_AES_C)
|
||||
|
|
@ -320,6 +325,7 @@ int cipher_free_ctx( cipher_context_t *ctx )
|
|||
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
|
||||
ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
|
||||
polarssl_zeroize( ctx, sizeof(cipher_context_t) );
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -51,6 +51,11 @@
|
|||
|
||||
#include <stdlib.h>
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_AES_C)
|
||||
|
||||
int aes_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
|
||||
|
|
@ -114,6 +119,7 @@ static void * aes_ctx_alloc( void )
|
|||
|
||||
static void aes_ctx_free( void *ctx )
|
||||
{
|
||||
polarssl_zeroize( ctx, sizeof( aes_context ) );
|
||||
free( ctx );
|
||||
}
|
||||
|
||||
|
|
@ -287,6 +293,7 @@ static void * camellia_ctx_alloc( void )
|
|||
|
||||
static void camellia_ctx_free( void *ctx )
|
||||
{
|
||||
polarssl_zeroize( ctx, sizeof( camellia_context ) );
|
||||
free( ctx );
|
||||
}
|
||||
|
||||
|
|
@ -495,6 +502,13 @@ static void * des3_ctx_alloc( void )
|
|||
|
||||
static void des_ctx_free( void *ctx )
|
||||
{
|
||||
polarssl_zeroize( ctx, sizeof( des_context ) );
|
||||
free( ctx );
|
||||
}
|
||||
|
||||
static void des3_ctx_free( void *ctx )
|
||||
{
|
||||
polarssl_zeroize( ctx, sizeof( des3_context ) );
|
||||
free( ctx );
|
||||
}
|
||||
|
||||
|
|
@ -527,7 +541,7 @@ const cipher_base_t des_ede_info = {
|
|||
des3_set2key_enc_wrap,
|
||||
des3_set2key_dec_wrap,
|
||||
des3_ctx_alloc,
|
||||
des_ctx_free
|
||||
des3_ctx_free
|
||||
};
|
||||
|
||||
const cipher_info_t des_ede_cbc_info = {
|
||||
|
|
@ -548,7 +562,7 @@ const cipher_base_t des_ede3_info = {
|
|||
des3_set3key_enc_wrap,
|
||||
des3_set3key_dec_wrap,
|
||||
des3_ctx_alloc,
|
||||
des_ctx_free
|
||||
des3_ctx_free
|
||||
};
|
||||
|
||||
const cipher_info_t des_ede3_cbc_info = {
|
||||
|
|
@ -625,6 +639,7 @@ static void * blowfish_ctx_alloc( void )
|
|||
|
||||
static void blowfish_ctx_free( void *ctx )
|
||||
{
|
||||
polarssl_zeroize( ctx, sizeof( blowfish_context ) );
|
||||
free( ctx );
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -37,6 +37,11 @@
|
|||
|
||||
#if !defined(POLARSSL_DES_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
|
|
@ -508,7 +513,7 @@ int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE *
|
|||
uint32_t sk[96];
|
||||
|
||||
des3_set2key( ctx->sk, sk, key );
|
||||
memset( sk, 0, sizeof( sk ) );
|
||||
polarssl_zeroize( sk, sizeof( sk ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
@ -521,7 +526,7 @@ int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE *
|
|||
uint32_t sk[96];
|
||||
|
||||
des3_set2key( sk, ctx->sk, key );
|
||||
memset( sk, 0, sizeof( sk ) );
|
||||
polarssl_zeroize( sk, sizeof( sk ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
@ -557,7 +562,7 @@ int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE *
|
|||
uint32_t sk[96];
|
||||
|
||||
des3_set3key( ctx->sk, sk, key );
|
||||
memset( sk, 0, sizeof( sk ) );
|
||||
polarssl_zeroize( sk, sizeof( sk ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
@ -570,7 +575,7 @@ int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE *
|
|||
uint32_t sk[96];
|
||||
|
||||
des3_set3key( sk, ctx->sk, key );
|
||||
memset( sk, 0, sizeof( sk ) );
|
||||
polarssl_zeroize( sk, sizeof( sk ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
|
|||
|
|
@ -34,6 +34,11 @@
|
|||
|
||||
#include "polarssl/dhm.h"
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* helper to validate the mpi size and import it
|
||||
*/
|
||||
|
|
@ -286,6 +291,8 @@ void dhm_free( dhm_context *ctx )
|
|||
mpi_free( &ctx->RP ); mpi_free( &ctx->K ); mpi_free( &ctx->GY );
|
||||
mpi_free( &ctx->GX ); mpi_free( &ctx->X ); mpi_free( &ctx->G );
|
||||
mpi_free( &ctx->P );
|
||||
|
||||
polarssl_zeroize( ctx, sizeof( dhm_context ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SELF_TEST)
|
||||
|
|
|
|||
|
|
@ -54,6 +54,11 @@
|
|||
}
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
static void gcm_gen_table( gcm_context *ctx )
|
||||
{
|
||||
int i, j;
|
||||
|
|
@ -322,7 +327,7 @@ int gcm_auth_decrypt( gcm_context *ctx,
|
|||
if( memcmp( check_tag, tag, tag_len ) == 0 )
|
||||
return( 0 );
|
||||
|
||||
memset( output, 0, length );
|
||||
polarssl_zeroize( output, length );
|
||||
|
||||
return( POLARSSL_ERR_GCM_AUTH_FAILED );
|
||||
}
|
||||
|
|
|
|||
|
|
@ -40,6 +40,11 @@
|
|||
#define strcasecmp _stricmp
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
static const int supported_digests[] = {
|
||||
|
||||
#if defined(POLARSSL_MD2_C)
|
||||
|
|
@ -173,7 +178,8 @@ int md_free_ctx( md_context_t *ctx )
|
|||
return POLARSSL_ERR_MD_BAD_INPUT_DATA;
|
||||
|
||||
ctx->md_info->ctx_free_func( ctx->md_ctx );
|
||||
ctx->md_ctx = NULL;
|
||||
|
||||
polarssl_zeroize( ctx, sizeof( md_context_t ) );
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -39,6 +39,11 @@
|
|||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if !defined(POLARSSL_MD2_ALT)
|
||||
|
||||
static const unsigned char PI_SUBST[256] =
|
||||
|
|
@ -178,7 +183,7 @@ void md2( const unsigned char *input, size_t ilen, unsigned char output[16] )
|
|||
md2_update( &ctx, input, ilen );
|
||||
md2_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( md2_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( md2_context ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
|
|
@ -202,7 +207,7 @@ int md2_file( const char *path, unsigned char output[16] )
|
|||
|
||||
md2_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( md2_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( md2_context ) );
|
||||
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
|
|
@ -242,7 +247,7 @@ void md2_hmac_starts( md2_context *ctx, const unsigned char *key, size_t keylen
|
|||
md2_starts( ctx );
|
||||
md2_update( ctx, ctx->ipad, 16 );
|
||||
|
||||
memset( sum, 0, sizeof( sum ) );
|
||||
polarssl_zeroize( sum, sizeof( sum ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -266,7 +271,7 @@ void md2_hmac_finish( md2_context *ctx, unsigned char output[16] )
|
|||
md2_update( ctx, tmpbuf, 16 );
|
||||
md2_finish( ctx, output );
|
||||
|
||||
memset( tmpbuf, 0, sizeof( tmpbuf ) );
|
||||
polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -291,7 +296,7 @@ void md2_hmac( const unsigned char *key, size_t keylen,
|
|||
md2_hmac_update( &ctx, input, ilen );
|
||||
md2_hmac_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( md2_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( md2_context ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SELF_TEST)
|
||||
|
|
|
|||
|
|
@ -39,6 +39,11 @@
|
|||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if !defined(POLARSSL_MD4_ALT)
|
||||
|
||||
/*
|
||||
|
|
@ -274,7 +279,7 @@ void md4( const unsigned char *input, size_t ilen, unsigned char output[16] )
|
|||
md4_update( &ctx, input, ilen );
|
||||
md4_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( md4_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( md4_context ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
|
|
@ -298,7 +303,7 @@ int md4_file( const char *path, unsigned char output[16] )
|
|||
|
||||
md4_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( md4_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( md4_context ) );
|
||||
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
|
|
@ -338,7 +343,7 @@ void md4_hmac_starts( md4_context *ctx, const unsigned char *key, size_t keylen
|
|||
md4_starts( ctx );
|
||||
md4_update( ctx, ctx->ipad, 64 );
|
||||
|
||||
memset( sum, 0, sizeof( sum ) );
|
||||
polarssl_zeroize( sum, sizeof( sum ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -362,7 +367,7 @@ void md4_hmac_finish( md4_context *ctx, unsigned char output[16] )
|
|||
md4_update( ctx, tmpbuf, 16 );
|
||||
md4_finish( ctx, output );
|
||||
|
||||
memset( tmpbuf, 0, sizeof( tmpbuf ) );
|
||||
polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -387,7 +392,7 @@ void md4_hmac( const unsigned char *key, size_t keylen,
|
|||
md4_hmac_update( &ctx, input, ilen );
|
||||
md4_hmac_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( md4_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( md4_context ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SELF_TEST)
|
||||
|
|
|
|||
|
|
@ -38,6 +38,11 @@
|
|||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if !defined(POLARSSL_MD5_ALT)
|
||||
|
||||
/*
|
||||
|
|
@ -291,7 +296,7 @@ void md5( const unsigned char *input, size_t ilen, unsigned char output[16] )
|
|||
md5_update( &ctx, input, ilen );
|
||||
md5_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( md5_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( md5_context ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
|
|
@ -315,7 +320,7 @@ int md5_file( const char *path, unsigned char output[16] )
|
|||
|
||||
md5_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( md5_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( md5_context ) );
|
||||
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
|
|
@ -355,7 +360,7 @@ void md5_hmac_starts( md5_context *ctx, const unsigned char *key, size_t keylen
|
|||
md5_starts( ctx );
|
||||
md5_update( ctx, ctx->ipad, 64 );
|
||||
|
||||
memset( sum, 0, sizeof( sum ) );
|
||||
polarssl_zeroize( sum, sizeof( sum ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -379,7 +384,7 @@ void md5_hmac_finish( md5_context *ctx, unsigned char output[16] )
|
|||
md5_update( ctx, tmpbuf, 16 );
|
||||
md5_finish( ctx, output );
|
||||
|
||||
memset( tmpbuf, 0, sizeof( tmpbuf ) );
|
||||
polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -404,7 +409,7 @@ void md5_hmac( const unsigned char *key, size_t keylen,
|
|||
md5_hmac_update( &ctx, input, ilen );
|
||||
md5_hmac_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( md5_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( md5_context ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SELF_TEST)
|
||||
|
|
|
|||
|
|
@ -59,6 +59,11 @@
|
|||
|
||||
#include <stdlib.h>
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_MD2_C)
|
||||
|
||||
static void md2_starts_wrap( void *ctx )
|
||||
|
|
@ -114,6 +119,7 @@ static void * md2_ctx_alloc( void )
|
|||
|
||||
static void md2_ctx_free( void *ctx )
|
||||
{
|
||||
polarssl_zeroize( ctx, sizeof( md2_context ) );
|
||||
free( ctx );
|
||||
}
|
||||
|
||||
|
|
@ -192,6 +198,7 @@ void *md4_ctx_alloc( void )
|
|||
|
||||
void md4_ctx_free( void *ctx )
|
||||
{
|
||||
polarssl_zeroize( ctx, sizeof( md4_context ) );
|
||||
free( ctx );
|
||||
}
|
||||
|
||||
|
|
@ -270,6 +277,7 @@ static void * md5_ctx_alloc( void )
|
|||
|
||||
static void md5_ctx_free( void *ctx )
|
||||
{
|
||||
polarssl_zeroize( ctx, sizeof( md5_context ) );
|
||||
free( ctx );
|
||||
}
|
||||
|
||||
|
|
@ -348,6 +356,7 @@ void * sha1_ctx_alloc( void )
|
|||
|
||||
void sha1_ctx_free( void *ctx )
|
||||
{
|
||||
polarssl_zeroize( ctx, sizeof( sha1_context ) );
|
||||
free( ctx );
|
||||
}
|
||||
|
||||
|
|
@ -442,6 +451,7 @@ void * sha224_ctx_alloc( void )
|
|||
|
||||
void sha224_ctx_free( void *ctx )
|
||||
{
|
||||
polarssl_zeroize( ctx, sizeof( sha2_context ) );
|
||||
free( ctx );
|
||||
}
|
||||
|
||||
|
|
@ -529,6 +539,7 @@ void * sha256_ctx_alloc( void )
|
|||
|
||||
void sha256_ctx_free( void *ctx )
|
||||
{
|
||||
polarssl_zeroize( ctx, sizeof( sha2_context ) );
|
||||
free( ctx );
|
||||
}
|
||||
|
||||
|
|
@ -620,6 +631,7 @@ void * sha384_ctx_alloc( void )
|
|||
|
||||
void sha384_ctx_free( void *ctx )
|
||||
{
|
||||
polarssl_zeroize( ctx, sizeof( sha4_context ) );
|
||||
free( ctx );
|
||||
}
|
||||
|
||||
|
|
@ -707,6 +719,7 @@ void * sha512_ctx_alloc( void )
|
|||
|
||||
void sha512_ctx_free( void *ctx )
|
||||
{
|
||||
polarssl_zeroize( ctx, sizeof( sha4_context ) );
|
||||
free( ctx );
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -36,6 +36,11 @@
|
|||
|
||||
#include <stdlib.h>
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
void pem_init( pem_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( pem_context ) );
|
||||
|
|
@ -86,8 +91,8 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen,
|
|||
{
|
||||
memcpy( key, md5sum, keylen );
|
||||
|
||||
memset( &md5_ctx, 0, sizeof( md5_ctx ) );
|
||||
memset( md5sum, 0, 16 );
|
||||
polarssl_zeroize( &md5_ctx, sizeof( md5_ctx ) );
|
||||
polarssl_zeroize( md5sum, 16 );
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -108,8 +113,8 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen,
|
|||
|
||||
memcpy( key + 16, md5sum, use_len );
|
||||
|
||||
memset( &md5_ctx, 0, sizeof( md5_ctx ) );
|
||||
memset( md5sum, 0, 16 );
|
||||
polarssl_zeroize( &md5_ctx, sizeof( md5_ctx ) );
|
||||
polarssl_zeroize( md5sum, 16 );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
|
|
@ -129,8 +134,8 @@ static void pem_des_decrypt( unsigned char des_iv[8],
|
|||
des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen,
|
||||
des_iv, buf, buf );
|
||||
|
||||
memset( &des_ctx, 0, sizeof( des_ctx ) );
|
||||
memset( des_key, 0, 8 );
|
||||
polarssl_zeroize( &des_ctx, sizeof( des_ctx ) );
|
||||
polarssl_zeroize( des_key, 8 );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -149,8 +154,8 @@ static void pem_des3_decrypt( unsigned char des3_iv[8],
|
|||
des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen,
|
||||
des3_iv, buf, buf );
|
||||
|
||||
memset( &des3_ctx, 0, sizeof( des3_ctx ) );
|
||||
memset( des3_key, 0, 24 );
|
||||
polarssl_zeroize( &des3_ctx, sizeof( des3_ctx ) );
|
||||
polarssl_zeroize( des3_key, 24 );
|
||||
}
|
||||
#endif /* POLARSSL_DES_C */
|
||||
|
||||
|
|
@ -171,8 +176,8 @@ static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
|
|||
aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen,
|
||||
aes_iv, buf, buf );
|
||||
|
||||
memset( &aes_ctx, 0, sizeof( aes_ctx ) );
|
||||
memset( aes_key, 0, keylen );
|
||||
polarssl_zeroize( &aes_ctx, sizeof( aes_ctx ) );
|
||||
polarssl_zeroize( aes_key, keylen );
|
||||
}
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
|
|
@ -349,7 +354,7 @@ void pem_free( pem_context *ctx )
|
|||
if( ctx->info )
|
||||
free( ctx->info );
|
||||
|
||||
memset( ctx, 0, sizeof( pem_context ) );
|
||||
polarssl_zeroize( ctx, sizeof( pem_context ) );
|
||||
}
|
||||
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -38,6 +38,11 @@
|
|||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if !defined(POLARSSL_SHA1_ALT)
|
||||
|
||||
/*
|
||||
|
|
@ -324,7 +329,7 @@ void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
|
|||
sha1_update( &ctx, input, ilen );
|
||||
sha1_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( sha1_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( sha1_context ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
|
|
@ -348,7 +353,7 @@ int sha1_file( const char *path, unsigned char output[20] )
|
|||
|
||||
sha1_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( sha1_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( sha1_context ) );
|
||||
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
|
|
@ -388,7 +393,7 @@ void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keyle
|
|||
sha1_starts( ctx );
|
||||
sha1_update( ctx, ctx->ipad, 64 );
|
||||
|
||||
memset( sum, 0, sizeof( sum ) );
|
||||
polarssl_zeroize( sum, sizeof( sum ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -412,7 +417,7 @@ void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
|
|||
sha1_update( ctx, tmpbuf, 20 );
|
||||
sha1_finish( ctx, output );
|
||||
|
||||
memset( tmpbuf, 0, sizeof( tmpbuf ) );
|
||||
polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -437,7 +442,7 @@ void sha1_hmac( const unsigned char *key, size_t keylen,
|
|||
sha1_hmac_update( &ctx, input, ilen );
|
||||
sha1_hmac_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( sha1_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( sha1_context ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SELF_TEST)
|
||||
|
|
|
|||
|
|
@ -38,6 +38,11 @@
|
|||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if !defined(POLARSSL_SHA2_ALT)
|
||||
|
||||
/*
|
||||
|
|
@ -326,7 +331,7 @@ void sha2( const unsigned char *input, size_t ilen,
|
|||
sha2_update( &ctx, input, ilen );
|
||||
sha2_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( sha2_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( sha2_context ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
|
|
@ -350,7 +355,7 @@ int sha2_file( const char *path, unsigned char output[32], int is224 )
|
|||
|
||||
sha2_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( sha2_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( sha2_context ) );
|
||||
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
|
|
@ -391,7 +396,7 @@ void sha2_hmac_starts( sha2_context *ctx, const unsigned char *key, size_t keyle
|
|||
sha2_starts( ctx, is224 );
|
||||
sha2_update( ctx, ctx->ipad, 64 );
|
||||
|
||||
memset( sum, 0, sizeof( sum ) );
|
||||
polarssl_zeroize( sum, sizeof( sum ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -419,7 +424,7 @@ void sha2_hmac_finish( sha2_context *ctx, unsigned char output[32] )
|
|||
sha2_update( ctx, tmpbuf, hlen );
|
||||
sha2_finish( ctx, output );
|
||||
|
||||
memset( tmpbuf, 0, sizeof( tmpbuf ) );
|
||||
polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -444,7 +449,7 @@ void sha2_hmac( const unsigned char *key, size_t keylen,
|
|||
sha2_hmac_update( &ctx, input, ilen );
|
||||
sha2_hmac_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( sha2_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( sha2_context ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SELF_TEST)
|
||||
|
|
|
|||
|
|
@ -38,6 +38,11 @@
|
|||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if !defined(POLARSSL_SHA4_ALT)
|
||||
|
||||
/*
|
||||
|
|
@ -324,7 +329,7 @@ void sha4( const unsigned char *input, size_t ilen,
|
|||
sha4_update( &ctx, input, ilen );
|
||||
sha4_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( sha4_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( sha4_context ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
|
|
@ -348,7 +353,7 @@ int sha4_file( const char *path, unsigned char output[64], int is384 )
|
|||
|
||||
sha4_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( sha4_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( sha4_context ) );
|
||||
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
|
|
@ -389,7 +394,7 @@ void sha4_hmac_starts( sha4_context *ctx, const unsigned char *key, size_t keyle
|
|||
sha4_starts( ctx, is384 );
|
||||
sha4_update( ctx, ctx->ipad, 128 );
|
||||
|
||||
memset( sum, 0, sizeof( sum ) );
|
||||
polarssl_zeroize( sum, sizeof( sum ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -418,7 +423,7 @@ void sha4_hmac_finish( sha4_context *ctx, unsigned char output[64] )
|
|||
sha4_update( ctx, tmpbuf, hlen );
|
||||
sha4_finish( ctx, output );
|
||||
|
||||
memset( tmpbuf, 0, sizeof( tmpbuf ) );
|
||||
polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -443,7 +448,7 @@ void sha4_hmac( const unsigned char *key, size_t keylen,
|
|||
sha4_hmac_update( &ctx, input, ilen );
|
||||
sha4_hmac_finish( &ctx, output );
|
||||
|
||||
memset( &ctx, 0, sizeof( sha4_context ) );
|
||||
polarssl_zeroize( &ctx, sizeof( sha4_context ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SELF_TEST)
|
||||
|
|
|
|||
|
|
@ -54,6 +54,11 @@
|
|||
#define strcasecmp _stricmp
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
|
||||
int (*ssl_hw_record_init)(ssl_context *ssl,
|
||||
const unsigned char *key_enc, const unsigned char *key_dec,
|
||||
|
|
@ -127,11 +132,11 @@ static int ssl3_prf( unsigned char *secret, size_t slen, char *label,
|
|||
md5_finish( &md5, dstbuf + i * 16 );
|
||||
}
|
||||
|
||||
memset( &md5, 0, sizeof( md5 ) );
|
||||
memset( &sha1, 0, sizeof( sha1 ) );
|
||||
polarssl_zeroize( &md5, sizeof( md5 ) );
|
||||
polarssl_zeroize( &sha1, sizeof( sha1 ) );
|
||||
|
||||
memset( padding, 0, sizeof( padding ) );
|
||||
memset( sha1sum, 0, sizeof( sha1sum ) );
|
||||
polarssl_zeroize( padding, sizeof( padding ) );
|
||||
polarssl_zeroize( sha1sum, sizeof( sha1sum ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
@ -190,8 +195,8 @@ static int tls1_prf( unsigned char *secret, size_t slen, char *label,
|
|||
dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] );
|
||||
}
|
||||
|
||||
memset( tmp, 0, sizeof( tmp ) );
|
||||
memset( h_i, 0, sizeof( h_i ) );
|
||||
polarssl_zeroize( tmp, sizeof( tmp ) );
|
||||
polarssl_zeroize( h_i, sizeof( h_i ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
@ -229,8 +234,8 @@ static int tls_prf_sha256( unsigned char *secret, size_t slen, char *label,
|
|||
dstbuf[i + j] = h_i[j];
|
||||
}
|
||||
|
||||
memset( tmp, 0, sizeof( tmp ) );
|
||||
memset( h_i, 0, sizeof( h_i ) );
|
||||
polarssl_zeroize( tmp, sizeof( tmp ) );
|
||||
polarssl_zeroize( h_i, sizeof( h_i ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
@ -269,8 +274,8 @@ static int tls_prf_sha384( unsigned char *secret, size_t slen, char *label,
|
|||
dstbuf[i + j] = h_i[j];
|
||||
}
|
||||
|
||||
memset( tmp, 0, sizeof( tmp ) );
|
||||
memset( h_i, 0, sizeof( h_i ) );
|
||||
polarssl_zeroize( tmp, sizeof( tmp ) );
|
||||
polarssl_zeroize( h_i, sizeof( h_i ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
@ -357,7 +362,7 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||
"master secret",
|
||||
handshake->randbytes, 64, session->master, 48 );
|
||||
|
||||
memset( handshake->premaster, 0, sizeof( handshake->premaster ) );
|
||||
polarssl_zeroize( handshake->premaster, sizeof(handshake->premaster) );
|
||||
}
|
||||
else
|
||||
SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
|
||||
|
|
@ -368,7 +373,7 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||
memcpy( tmp, handshake->randbytes, 64 );
|
||||
memcpy( handshake->randbytes, tmp + 32, 32 );
|
||||
memcpy( handshake->randbytes + 32, tmp, 32 );
|
||||
memset( tmp, 0, sizeof( tmp ) );
|
||||
polarssl_zeroize( tmp, sizeof( tmp ) );
|
||||
|
||||
/*
|
||||
* SSLv3:
|
||||
|
|
@ -391,7 +396,7 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||
SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
|
||||
SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
|
||||
|
||||
memset( handshake->randbytes, 0, sizeof( handshake->randbytes ) );
|
||||
polarssl_zeroize( handshake->randbytes, sizeof( handshake->randbytes ) );
|
||||
|
||||
/*
|
||||
* Determine the appropriate key, IV and MAC length.
|
||||
|
|
@ -680,7 +685,7 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
memset( keyblk, 0, sizeof( keyblk ) );
|
||||
polarssl_zeroize( keyblk, sizeof( keyblk ) );
|
||||
|
||||
#if defined(POLARSSL_ZLIB_SUPPORT)
|
||||
// Initialize compression
|
||||
|
|
@ -2654,12 +2659,12 @@ static void ssl_calc_finished_ssl(
|
|||
|
||||
SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 );
|
||||
|
||||
memset( &md5, 0, sizeof( md5_context ) );
|
||||
memset( &sha1, 0, sizeof( sha1_context ) );
|
||||
polarssl_zeroize( &md5, sizeof( md5_context ) );
|
||||
polarssl_zeroize( &sha1, sizeof( sha1_context ) );
|
||||
|
||||
memset( padbuf, 0, sizeof( padbuf ) );
|
||||
memset( md5sum, 0, sizeof( md5sum ) );
|
||||
memset( sha1sum, 0, sizeof( sha1sum ) );
|
||||
polarssl_zeroize( padbuf, sizeof( padbuf ) );
|
||||
polarssl_zeroize( md5sum, sizeof( md5sum ) );
|
||||
polarssl_zeroize( sha1sum, sizeof( sha1sum ) );
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
|
||||
}
|
||||
|
|
@ -2710,10 +2715,10 @@ static void ssl_calc_finished_tls(
|
|||
|
||||
SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
|
||||
|
||||
memset( &md5, 0, sizeof( md5_context ) );
|
||||
memset( &sha1, 0, sizeof( sha1_context ) );
|
||||
polarssl_zeroize( &md5, sizeof( md5_context ) );
|
||||
polarssl_zeroize( &sha1, sizeof( sha1_context ) );
|
||||
|
||||
memset( padbuf, 0, sizeof( padbuf ) );
|
||||
polarssl_zeroize( padbuf, sizeof( padbuf ) );
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
|
||||
}
|
||||
|
|
@ -2756,9 +2761,8 @@ static void ssl_calc_finished_tls_sha256(
|
|||
|
||||
SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
|
||||
|
||||
memset( &sha2, 0, sizeof( sha2_context ) );
|
||||
|
||||
memset( padbuf, 0, sizeof( padbuf ) );
|
||||
polarssl_zeroize( &sha2, sizeof( sha2_context ) );
|
||||
polarssl_zeroize( padbuf, sizeof( padbuf ) );
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
|
||||
}
|
||||
|
|
@ -2802,9 +2806,8 @@ static void ssl_calc_finished_tls_sha384(
|
|||
|
||||
SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
|
||||
|
||||
memset( &sha4, 0, sizeof( sha4_context ) );
|
||||
|
||||
memset( padbuf, 0, sizeof( padbuf ) );
|
||||
polarssl_zeroize( &sha4, sizeof( sha4_context ) );
|
||||
polarssl_zeroize( padbuf, sizeof( padbuf ) );
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
|
||||
}
|
||||
|
|
@ -4019,7 +4022,7 @@ void ssl_transform_free( ssl_transform *transform )
|
|||
inflateEnd( &transform->ctx_inflate );
|
||||
#endif
|
||||
|
||||
memset( transform, 0, sizeof( ssl_transform ) );
|
||||
polarssl_zeroize( transform, sizeof( ssl_transform ) );
|
||||
}
|
||||
|
||||
void ssl_handshake_free( ssl_handshake_params *handshake )
|
||||
|
|
@ -4027,7 +4030,7 @@ void ssl_handshake_free( ssl_handshake_params *handshake )
|
|||
#if defined(POLARSSL_DHM_C)
|
||||
dhm_free( &handshake->dhm_ctx );
|
||||
#endif
|
||||
memset( handshake, 0, sizeof( ssl_handshake_params ) );
|
||||
polarssl_zeroize( handshake, sizeof( ssl_handshake_params ) );
|
||||
}
|
||||
|
||||
void ssl_session_free( ssl_session *session )
|
||||
|
|
@ -4038,7 +4041,7 @@ void ssl_session_free( ssl_session *session )
|
|||
free( session->peer_cert );
|
||||
}
|
||||
|
||||
memset( session, 0, sizeof( ssl_session ) );
|
||||
polarssl_zeroize( session, sizeof( ssl_session ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -4052,14 +4055,14 @@ void ssl_free( ssl_context *ssl )
|
|||
|
||||
if( ssl->out_ctr != NULL )
|
||||
{
|
||||
memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
|
||||
free( ssl->out_ctr );
|
||||
polarssl_zeroize( ssl->out_ctr, SSL_BUFFER_LEN );
|
||||
free( ssl->out_ctr );
|
||||
}
|
||||
|
||||
if( ssl->in_ctr != NULL )
|
||||
{
|
||||
memset( ssl->in_ctr, 0, SSL_BUFFER_LEN );
|
||||
free( ssl->in_ctr );
|
||||
polarssl_zeroize( ssl->in_ctr, SSL_BUFFER_LEN );
|
||||
free( ssl->in_ctr );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_DHM_C)
|
||||
|
|
@ -4092,7 +4095,7 @@ void ssl_free( ssl_context *ssl )
|
|||
|
||||
if ( ssl->hostname != NULL)
|
||||
{
|
||||
memset( ssl->hostname, 0, ssl->hostname_len );
|
||||
polarssl_zeroize( ssl->hostname, ssl->hostname_len );
|
||||
free( ssl->hostname );
|
||||
ssl->hostname_len = 0;
|
||||
}
|
||||
|
|
@ -4108,7 +4111,7 @@ void ssl_free( ssl_context *ssl )
|
|||
SSL_DEBUG_MSG( 2, ( "<= free" ) );
|
||||
|
||||
/* Actually clear after last debug message */
|
||||
memset( ssl, 0, sizeof( ssl_context ) );
|
||||
polarssl_zeroize( ssl, sizeof( ssl_context ) );
|
||||
}
|
||||
|
||||
#endif
|
||||
|
|
|
|||
Loading…
Reference in a new issue