AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Rename mbedtls_zeroize to mbedtls_platform_zeroize

Browse Source
This commit is contained in:
Andres Amaya Garcia 2018-04-17 09:51:09 -05:00
parent 904e1efb8c
commit 1f6301b3c8
45 changed files with 216 additions and 218 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
library/aes.c
View File

@ -36,7 +36,7 @@
#include <string.h>
#include "mbedtls/aes.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_PADLOCK_C)
#include "mbedtls/padlock.h"
#endif
@ -518,7 +518,7 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx )
if( ctx == NULL )
return;
mbedtls_zeroize( ctx, sizeof( mbedtls_aes_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) );
}
/*

4
library/arc4.c
View File

@ -33,7 +33,7 @@
#if defined(MBEDTLS_ARC4_C)
#include "mbedtls/arc4.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -58,7 +58,7 @@ void mbedtls_arc4_free( mbedtls_arc4_context *ctx )
if( ctx == NULL )
return;
mbedtls_zeroize( ctx, sizeof( mbedtls_arc4_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_arc4_context ) );
}
/*

6
library/asn1parse.c
View File

@ -28,7 +28,7 @@
#if defined(MBEDTLS_ASN1_PARSE_C)
#include "mbedtls/asn1.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -309,7 +309,7 @@ int mbedtls_asn1_get_alg( unsigned char **p,
if( *p == end )
{
mbedtls_zeroize( params, sizeof(mbedtls_asn1_buf) );
mbedtls_platform_zeroize( params, sizeof(mbedtls_asn1_buf) );
return( 0 );
}
@ -354,7 +354,7 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur )
mbedtls_free( cur->oid.p );
mbedtls_free( cur->val.p );
mbedtls_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
}
void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )

18
library/bignum.c
View File

@ -45,6 +45,7 @@
#include "mbedtls/bignum.h"
#include "mbedtls/bn_mul.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -58,16 +59,6 @@
#define mbedtls_free free
#endif
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) {
volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0;
}
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
#define biL (ciL << 3) /* bits in limb */
#define biH (ciL << 2) /* half limb size */
@ -81,6 +72,11 @@ static void mbedtls_zeroize( void *v, size_t n ) {
#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) )
#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) {
mbedtls_platform_zeroize( v, ciL * n );
}
/*
* Initialize one MPI
*/
@ -1897,7 +1893,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) );
cleanup:
mbedtls_zeroize( buf, sizeof( buf ) );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
return( ret );
}

4
library/blowfish.c
View File

@ -34,7 +34,7 @@
#if defined(MBEDTLS_BLOWFISH_C)
#include "mbedtls/blowfish.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -161,7 +161,7 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx )
if( ctx == NULL )
return;
mbedtls_zeroize( ctx, sizeof( mbedtls_blowfish_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_blowfish_context ) );
}
/*

4
library/camellia.c
View File

@ -34,7 +34,7 @@
#if defined(MBEDTLS_CAMELLIA_C)
#include "mbedtls/camellia.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -329,7 +329,7 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
if( ctx == NULL )
return;
mbedtls_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
}
/*

6
library/ccm.c
View File

@ -37,7 +37,7 @@
#if defined(MBEDTLS_CCM_C)
#include "mbedtls/ccm.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -98,7 +98,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
{
mbedtls_cipher_free( &ctx->cipher_ctx );
mbedtls_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
}
/*
@ -339,7 +339,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
if( diff != 0 )
{
mbedtls_zeroize( output, length );
mbedtls_platform_zeroize( output, length );
return( MBEDTLS_ERR_CCM_AUTH_FAILED );
}

7
library/cipher.c
View File

@ -33,7 +33,7 @@
#include "mbedtls/cipher.h"
#include "mbedtls/cipher_internal.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <stdlib.h>
#include <string.h>
@ -137,7 +137,8 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
#if defined(MBEDTLS_CMAC_C)
if( ctx->cmac_ctx )
{
mbedtls_zeroize( ctx->cmac_ctx, sizeof( mbedtls_cmac_context_t ) );
mbedtls_platform_zeroize( ctx->cmac_ctx,
sizeof( mbedtls_cmac_context_t ) );
mbedtls_free( ctx->cmac_ctx );
}
#endif
@ -145,7 +146,7 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
if( ctx->cipher_ctx )
ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
mbedtls_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
}
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info )

32
library/cmac.c
View File

@ -49,7 +49,7 @@
#if defined(MBEDTLS_CMAC_C)
#include "mbedtls/cmac.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -140,7 +140,7 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx,
unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX];
size_t olen, block_size;
mbedtls_zeroize( L, sizeof( L ) );
mbedtls_platform_zeroize( L, sizeof( L ) );
block_size = ctx->cipher_info->block_size;
@ -158,7 +158,7 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx,
goto exit;
exit:
mbedtls_zeroize( L, sizeof( L ) );
mbedtls_platform_zeroize( L, sizeof( L ) );
return( ret );
}
@ -234,7 +234,7 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
ctx->cmac_ctx = cmac_ctx;
mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) );
mbedtls_platform_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) );
return 0;
}
@ -326,8 +326,8 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
block_size = ctx->cipher_info->block_size;
state = cmac_ctx->state;
mbedtls_zeroize( K1, sizeof( K1 ) );
mbedtls_zeroize( K2, sizeof( K2 ) );
mbedtls_platform_zeroize( K1, sizeof( K1 ) );
mbedtls_platform_zeroize( K2, sizeof( K2 ) );
cmac_generate_subkeys( ctx, K1, K2 );
last_block = cmac_ctx->unprocessed_block;
@ -357,14 +357,14 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
exit:
/* Wipe the generated keys on the stack, and any other transients to avoid
* side channel leakage */
mbedtls_zeroize( K1, sizeof( K1 ) );
mbedtls_zeroize( K2, sizeof( K2 ) );
mbedtls_platform_zeroize( K1, sizeof( K1 ) );
mbedtls_platform_zeroize( K2, sizeof( K2 ) );
cmac_ctx->unprocessed_len = 0;
mbedtls_zeroize( cmac_ctx->unprocessed_block,
sizeof( cmac_ctx->unprocessed_block ) );
mbedtls_platform_zeroize( cmac_ctx->unprocessed_block,
sizeof( cmac_ctx->unprocessed_block ) );
mbedtls_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX );
mbedtls_platform_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX );
return( ret );
}
@ -379,10 +379,10 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx )
/* Reset the internal state */
cmac_ctx->unprocessed_len = 0;
mbedtls_zeroize( cmac_ctx->unprocessed_block,
sizeof( cmac_ctx->unprocessed_block ) );
mbedtls_zeroize( cmac_ctx->state,
sizeof( cmac_ctx->state ) );
mbedtls_platform_zeroize( cmac_ctx->unprocessed_block,
sizeof( cmac_ctx->unprocessed_block ) );
mbedtls_platform_zeroize( cmac_ctx->state,
sizeof( cmac_ctx->state ) );
return( 0 );
}
@ -462,7 +462,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
output );
exit:
mbedtls_zeroize( int_key, sizeof( int_key ) );
mbedtls_platform_zeroize( int_key, sizeof( int_key ) );
return( ret );
}

18
library/ctr_drbg.c
View File

@ -33,7 +33,7 @@
#if defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -121,7 +121,7 @@ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
mbedtls_mutex_free( &ctx->mutex );
#endif
mbedtls_aes_free( &ctx->aes_ctx );
mbedtls_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
}
void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, int resistance )
@ -241,16 +241,16 @@ exit:
/*
* tidy up the stack
*/
mbedtls_zeroize( buf, sizeof( buf ) );
mbedtls_zeroize( tmp, sizeof( tmp ) );
mbedtls_zeroize( key, sizeof( key ) );
mbedtls_zeroize( chain, sizeof( chain ) );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
mbedtls_platform_zeroize( key, sizeof( key ) );
mbedtls_platform_zeroize( chain, sizeof( chain ) );
if( 0 != ret )
{
/*
* wipe partial seed from memory
*/
mbedtls_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN );
mbedtls_platform_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN );
}
return( ret );
@ -489,7 +489,7 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char
ret = 0;
exit:
mbedtls_zeroize( buf, sizeof( buf ) );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
fclose( f );
return( ret );
@ -522,7 +522,7 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char
fclose( f );
mbedtls_zeroize( buf, sizeof( buf ) );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
if( ret != 0 )
return( ret );

14
library/des.c
View File

@ -34,7 +34,7 @@
#if defined(MBEDTLS_DES_C)
#include "mbedtls/des.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -312,7 +312,7 @@ void mbedtls_des_free( mbedtls_des_context *ctx )
if( ctx == NULL )
return;
mbedtls_zeroize( ctx, sizeof( mbedtls_des_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) );
}
void mbedtls_des3_init( mbedtls_des3_context *ctx )
@ -325,7 +325,7 @@ void mbedtls_des3_free( mbedtls_des3_context *ctx )
if( ctx == NULL )
return;
mbedtls_zeroize( ctx, sizeof( mbedtls_des3_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) );
}
static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
@ -549,7 +549,7 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
uint32_t sk[96];
des3_set2key( ctx->sk, sk, key );
mbedtls_zeroize( sk, sizeof( sk ) );
mbedtls_platform_zeroize( sk, sizeof( sk ) );
return( 0 );
}
@ -563,7 +563,7 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
uint32_t sk[96];
des3_set2key( sk, ctx->sk, key );
mbedtls_zeroize( sk, sizeof( sk ) );
mbedtls_platform_zeroize( sk, sizeof( sk ) );
return( 0 );
}
@ -600,7 +600,7 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
uint32_t sk[96];
des3_set3key( ctx->sk, sk, key );
mbedtls_zeroize( sk, sizeof( sk ) );
mbedtls_platform_zeroize( sk, sizeof( sk ) );
return( 0 );
}
@ -614,7 +614,7 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
uint32_t sk[96];
des3_set3key( sk, ctx->sk, key );
mbedtls_zeroize( sk, sizeof( sk ) );
mbedtls_platform_zeroize( sk, sizeof( sk ) );
return( 0 );
}

8
library/dhm.c
View File

@ -36,7 +36,7 @@
#if defined(MBEDTLS_DHM_C)
#include "mbedtls/dhm.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -434,7 +434,7 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X );
mbedtls_mpi_free( &ctx->G ); mbedtls_mpi_free( &ctx->P );
mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
}
#if defined(MBEDTLS_ASN1_PARSE_C)
@ -572,7 +572,7 @@ static int load_file( const char *path, unsigned char **buf, size_t *n )
{
fclose( f );
mbedtls_zeroize( *buf, *n + 1 );
mbedtls_platform_zeroize( *buf, *n + 1 );
mbedtls_free( *buf );
return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
@ -602,7 +602,7 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
ret = mbedtls_dhm_parse_dhm( dhm, buf, n );
mbedtls_zeroize( buf, n );
mbedtls_platform_zeroize( buf, n );
mbedtls_free( buf );
return( ret );

4
library/ecp.c
View File

@ -51,7 +51,7 @@
#include "mbedtls/ecp.h"
#include "mbedtls/threading.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -344,7 +344,7 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp )
mbedtls_free( grp->T );
}
mbedtls_zeroize( grp, sizeof( mbedtls_ecp_group ) );
mbedtls_platform_zeroize( grp, sizeof( mbedtls_ecp_group ) );
}
/*

14
library/entropy.c
View File

@ -35,7 +35,7 @@
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -136,7 +136,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
ctx->initial_entropy_run = 0;
#endif
ctx->source_count = 0;
mbedtls_zeroize( ctx->source, sizeof( ctx->source ) );
mbedtls_platform_zeroize( ctx->source, sizeof( ctx->source ) );
ctx->accumulator_started = 0;
}
@ -228,7 +228,7 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id
#endif
cleanup:
mbedtls_zeroize( tmp, sizeof( tmp ) );
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
return( ret );
}
@ -296,7 +296,7 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx )
ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE;
cleanup:
mbedtls_zeroize( buf, sizeof( buf ) );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
return( ret );
}
@ -429,7 +429,7 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
ret = 0;
exit:
mbedtls_zeroize( buf, sizeof( buf ) );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
#if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
@ -482,7 +482,7 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
ret = 0;
exit:
mbedtls_zeroize( buf, sizeof( buf ) );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
fclose( f );
return( ret );
@ -512,7 +512,7 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *
fclose( f );
mbedtls_zeroize( buf, sizeof( buf ) );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
if( ret != 0 )
return( ret );

6
library/gcm.c
View File

@ -38,7 +38,7 @@
#if defined(MBEDTLS_GCM_C)
#include "mbedtls/gcm.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -494,7 +494,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
if( diff != 0 )
{
mbedtls_zeroize( output, length );
mbedtls_platform_zeroize( output, length );
return( MBEDTLS_ERR_GCM_AUTH_FAILED );
}
@ -504,7 +504,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
{
mbedtls_cipher_free( &ctx->cipher_ctx );
mbedtls_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
}
#endif /* !MBEDTLS_GCM_ALT */

4
library/havege.c
View File

@ -36,7 +36,7 @@
#include "mbedtls/havege.h"
#include "mbedtls/timing.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -204,7 +204,7 @@ void mbedtls_havege_free( mbedtls_havege_state *hs )
if( hs == NULL )
return;
mbedtls_zeroize( hs, sizeof( mbedtls_havege_state ) );
mbedtls_platform_zeroize( hs, sizeof( mbedtls_havege_state ) );
}
/*

8
library/hmac_drbg.c
View File

@ -34,7 +34,7 @@
#if defined(MBEDTLS_HMAC_DRBG_C)
#include "mbedtls/hmac_drbg.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -334,7 +334,7 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx )
mbedtls_mutex_free( &ctx->mutex );
#endif
mbedtls_md_free( &ctx->md_ctx );
mbedtls_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) );
}
#if defined(MBEDTLS_FS_IO)
@ -360,7 +360,7 @@ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const cha
exit:
fclose( f );
mbedtls_zeroize( buf, sizeof( buf ) );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
return( ret );
}
@ -392,7 +392,7 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch
fclose( f );
mbedtls_zeroize( buf, sizeof( buf ) );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
if( ret != 0 )
return( ret );

11
library/md.c
View File

@ -33,7 +33,7 @@
#include "mbedtls/md.h"
#include "mbedtls/md_internal.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
@ -189,11 +189,12 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx )
if( ctx->hmac_ctx != NULL )
{
mbedtls_zeroize( ctx->hmac_ctx, 2 * ctx->md_info->block_size );
mbedtls_platform_zeroize( ctx->hmac_ctx,
2 * ctx->md_info->block_size );
mbedtls_free( ctx->hmac_ctx );
}
mbedtls_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
}
int mbedtls_md_clone( mbedtls_md_context_t *dst,
@ -307,7 +308,7 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne
ret = md_info->finish_func( ctx.md_ctx, output );
cleanup:
mbedtls_zeroize( buf, sizeof( buf ) );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
fclose( f );
mbedtls_md_free( &ctx );
@ -357,7 +358,7 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
goto cleanup;
cleanup:
mbedtls_zeroize( sum, sizeof( sum ) );
mbedtls_platform_zeroize( sum, sizeof( sum ) );
return( ret );
}

4
library/md2.c
View File

@ -34,7 +34,7 @@
#if defined(MBEDTLS_MD2_C)
#include "mbedtls/md2.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -89,7 +89,7 @@ void mbedtls_md2_free( mbedtls_md2_context *ctx )
if( ctx == NULL )
return;
mbedtls_zeroize( ctx, sizeof( mbedtls_md2_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md2_context ) );
}
void mbedtls_md2_clone( mbedtls_md2_context *dst,

4
library/md4.c
View File

@ -34,7 +34,7 @@
#if defined(MBEDTLS_MD4_C)
#include "mbedtls/md4.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -82,7 +82,7 @@ void mbedtls_md4_free( mbedtls_md4_context *ctx )
if( ctx == NULL )
return;
mbedtls_zeroize( ctx, sizeof( mbedtls_md4_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md4_context ) );
}
void mbedtls_md4_clone( mbedtls_md4_context *dst,

4
library/md5.c
View File

@ -33,7 +33,7 @@
#if defined(MBEDTLS_MD5_C)
#include "mbedtls/md5.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -81,7 +81,7 @@ void mbedtls_md5_free( mbedtls_md5_context *ctx )
if( ctx == NULL )
return;
mbedtls_zeroize( ctx, sizeof( mbedtls_md5_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md5_context ) );
}
void mbedtls_md5_clone( mbedtls_md5_context *dst,

4
library/memory_buffer_alloc.c
View File

@ -31,7 +31,7 @@
/* No need for the header guard as MBEDTLS_MEMORY_BUFFER_ALLOC_C
is dependent upon MBEDTLS_PLATFORM_C */
#include "mbedtls/platform.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -608,7 +608,7 @@ void mbedtls_memory_buffer_alloc_free( void )
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_free( &heap.mutex );
#endif
mbedtls_zeroize( &heap, sizeof(buffer_alloc_ctx) );
mbedtls_platform_zeroize( &heap, sizeof(buffer_alloc_ctx) );
}
#if defined(MBEDTLS_SELF_TEST)

22
library/pem.c
View File

@ -33,7 +33,7 @@
#include "mbedtls/aes.h"
#include "mbedtls/md5.h"
#include "mbedtls/cipher.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -131,7 +131,7 @@ static int pem_pbkdf1( unsigned char *key, size_t keylen,
exit:
mbedtls_md5_free( &md5_ctx );
mbedtls_zeroize( md5sum, 16 );
mbedtls_platform_zeroize( md5sum, 16 );
return( ret );
}
@ -160,7 +160,7 @@ static int pem_des_decrypt( unsigned char des_iv[8],
exit:
mbedtls_des_free( &des_ctx );
mbedtls_zeroize( des_key, 8 );
mbedtls_platform_zeroize( des_key, 8 );
return( ret );
}
@ -188,7 +188,7 @@ static int pem_des3_decrypt( unsigned char des3_iv[8],
exit:
mbedtls_des3_free( &des3_ctx );
mbedtls_zeroize( des3_key, 24 );
mbedtls_platform_zeroize( des3_key, 24 );
return( ret );
}
@ -218,7 +218,7 @@ static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
exit:
mbedtls_aes_free( &aes_ctx );
mbedtls_zeroize( aes_key, keylen );
mbedtls_platform_zeroize( aes_key, keylen );
return( ret );
}
@ -355,7 +355,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
{
mbedtls_zeroize( buf, len );
mbedtls_platform_zeroize( buf, len );
mbedtls_free( buf );
return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
}
@ -366,7 +366,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
if( pwd == NULL )
{
mbedtls_zeroize( buf, len );
mbedtls_platform_zeroize( buf, len );
mbedtls_free( buf );
return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
}
@ -403,12 +403,12 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
*/
if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
{
mbedtls_zeroize( buf, len );
mbedtls_platform_zeroize( buf, len );
mbedtls_free( buf );
return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
}
#else
mbedtls_zeroize( buf, len );
mbedtls_platform_zeroize( buf, len );
mbedtls_free( buf );
return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
@ -424,11 +424,11 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
void mbedtls_pem_free( mbedtls_pem_context *ctx )
{
if( ctx->buf != NULL )
mbedtls_zeroize( ctx->buf, ctx->buflen );
mbedtls_platform_zeroize( ctx->buf, ctx->buflen );
mbedtls_free( ctx->buf );
mbedtls_free( ctx->info );
mbedtls_zeroize( ctx, sizeof( mbedtls_pem_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) );
}
#endif /* MBEDTLS_PEM_PARSE_C */

4
library/pk.c
View File

@ -29,7 +29,7 @@
#include "mbedtls/pk.h"
#include "mbedtls/pk_internal.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h"
@ -66,7 +66,7 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx )
ctx->pk_info->ctx_free_func( ctx->pk_ctx );
mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) );
}
/*

4
library/pk_wrap.c
View File

@ -42,7 +42,7 @@
#endif
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#endif
#if defined(MBEDTLS_PLATFORM_C)
@ -495,7 +495,7 @@ static void *rsa_alt_alloc_wrap( void )
static void rsa_alt_free_wrap( void *ctx )
{
mbedtls_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
mbedtls_free( ctx );
}

16
library/pkcs12.c
View File

@ -36,7 +36,7 @@
#include "mbedtls/pkcs12.h"
#include "mbedtls/asn1.h"
#include "mbedtls/cipher.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -162,7 +162,7 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
goto exit;
exit:
mbedtls_zeroize( key, sizeof( key ) );
mbedtls_platform_zeroize( key, sizeof( key ) );
mbedtls_arc4_free( &ctx );
return( ret );
@ -219,8 +219,8 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH;
exit:
mbedtls_zeroize( key, sizeof( key ) );
mbedtls_zeroize( iv, sizeof( iv ) );
mbedtls_platform_zeroize( key, sizeof( key ) );
mbedtls_platform_zeroize( iv, sizeof( iv ) );
mbedtls_cipher_free( &cipher_ctx );
return( ret );
@ -348,10 +348,10 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
ret = 0;
exit:
mbedtls_zeroize( salt_block, sizeof( salt_block ) );
mbedtls_zeroize( pwd_block, sizeof( pwd_block ) );
mbedtls_zeroize( hash_block, sizeof( hash_block ) );
mbedtls_zeroize( hash_output, sizeof( hash_output ) );
mbedtls_platform_zeroize( salt_block, sizeof( salt_block ) );
mbedtls_platform_zeroize( pwd_block, sizeof( pwd_block ) );
mbedtls_platform_zeroize( hash_block, sizeof( hash_block ) );
mbedtls_platform_zeroize( hash_output, sizeof( hash_output ) );
mbedtls_md_free( &md_ctx );

10
library/pkparse.c
View File

@ -30,7 +30,7 @@
#include "mbedtls/pk.h"
#include "mbedtls/asn1.h"
#include "mbedtls/oid.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -98,7 +98,7 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
{
fclose( f );
mbedtls_zeroize( *buf, *n );
mbedtls_platform_zeroize( *buf, *n );
mbedtls_free( *buf );
return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
@ -133,7 +133,7 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
ret = mbedtls_pk_parse_key( ctx, buf, n,
(const unsigned char *) pwd, strlen( pwd ) );
mbedtls_zeroize( buf, n );
mbedtls_platform_zeroize( buf, n );
mbedtls_free( buf );
return( ret );
@ -153,7 +153,7 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
ret = mbedtls_pk_parse_public_key( ctx, buf, n );
mbedtls_zeroize( buf, n );
mbedtls_platform_zeroize( buf, n );
mbedtls_free( buf );
return( ret );
@ -1288,7 +1288,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
pwd, pwdlen );
mbedtls_zeroize( key_copy, keylen );
mbedtls_platform_zeroize( key_copy, keylen );
mbedtls_free( key_copy );
}

11
library/platform.c
View File

@ -28,14 +28,7 @@
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#if defined(MBEDTLS_ENTROPY_NV_SEED) && \
!defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
}
#endif
#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_PLATFORM_MEMORY)
#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
@ -241,7 +234,7 @@ int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len )
if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len )
{
fclose( file );
mbedtls_zeroize( buf, buf_len );
mbedtls_platform_zeroize( buf, buf_len );
return( -1 );
}

2
library/platform_util.c
View File

@ -26,7 +26,7 @@
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <stddef.h>
#include <string.h>

4
library/ripemd160.c
View File

@ -34,7 +34,7 @@
#if defined(MBEDTLS_RIPEMD160_C)
#include "mbedtls/ripemd160.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -82,7 +82,7 @@ void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx )
if( ctx == NULL )
return;
mbedtls_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) );
}
void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,

18
library/rsa.c
View File

@ -48,7 +48,7 @@
#include "mbedtls/rsa.h"
#include "mbedtls/rsa_internal.h"
#include "mbedtls/oid.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -1038,7 +1038,7 @@ static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
}
exit:
mbedtls_zeroize( mask, sizeof( mask ) );
mbedtls_platform_zeroize( mask, sizeof( mask ) );
return( ret );
}
@ -1352,8 +1352,8 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
ret = 0;
cleanup:
mbedtls_zeroize( buf, sizeof( buf ) );
mbedtls_zeroize( lhash, sizeof( lhash ) );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
mbedtls_platform_zeroize( lhash, sizeof( lhash ) );
return( ret );
}
@ -1450,7 +1450,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
ret = 0;
cleanup:
mbedtls_zeroize( buf, sizeof( buf ) );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
return( ret );
}
@ -1581,7 +1581,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
p += hlen;
*p++ = 0xBC;
mbedtls_zeroize( salt, sizeof( salt ) );
mbedtls_platform_zeroize( salt, sizeof( salt ) );
exit:
mbedtls_md_free( &md_ctx );
@ -1723,7 +1723,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
* after the initial bounds check. */
if( p != dst + dst_len )
{
mbedtls_zeroize( dst, dst_len );
mbedtls_platform_zeroize( dst, dst_len );
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
@ -2060,13 +2060,13 @@ cleanup:
if( encoded != NULL )
{
mbedtls_zeroize( encoded, sig_len );
mbedtls_platform_zeroize( encoded, sig_len );
mbedtls_free( encoded );
}
if( encoded_expected != NULL )
{
mbedtls_zeroize( encoded_expected, sig_len );
mbedtls_platform_zeroize( encoded_expected, sig_len );
mbedtls_free( encoded_expected );
}

4
library/sha1.c
View File

@ -33,7 +33,7 @@
#if defined(MBEDTLS_SHA1_C)
#include "mbedtls/sha1.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -81,7 +81,7 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
if( ctx == NULL )
return;
mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
}
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,

4
library/sha256.c
View File

@ -33,7 +33,7 @@
#if defined(MBEDTLS_SHA256_C)
#include "mbedtls/sha256.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -84,7 +84,7 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
if( ctx == NULL )
return;
mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
}
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,

4
library/sha512.c
View File

@ -33,7 +33,7 @@
#if defined(MBEDTLS_SHA512_C)
#include "mbedtls/sha512.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#if defined(_MSC_VER) || defined(__WATCOMC__)
#define UL64(x) x##ui64
@ -98,7 +98,7 @@ void mbedtls_sha512_free( mbedtls_sha512_context *ctx )
if( ctx == NULL )
return;
mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
}
void mbedtls_sha512_clone( mbedtls_sha512_context *dst,

6
library/ssl_cli.c
View File

@ -48,7 +48,7 @@
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#endif
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@ -3286,8 +3286,8 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
if( ticket_len == 0 )
return( 0 );
mbedtls_zeroize( ssl->session_negotiate->ticket,
ssl->session_negotiate->ticket_len );
mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
ssl->session_negotiate->ticket_len );
mbedtls_free( ssl->session_negotiate->ticket );
ssl->session_negotiate->ticket = NULL;
ssl->session_negotiate->ticket_len = 0;

6
library/ssl_cookie.c
View File

@ -40,7 +40,7 @@
#include "mbedtls/ssl_cookie.h"
#include "mbedtls/ssl_internal.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -97,7 +97,7 @@ void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx )
mbedtls_mutex_free( &ctx->mutex );
#endif
mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
}
int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
@ -118,7 +118,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
if( ret != 0 )
return( ret );
mbedtls_zeroize( key, sizeof( key ) );
mbedtls_platform_zeroize( key, sizeof( key ) );
return( 0 );
}

4
library/ssl_srv.c
View File

@ -50,7 +50,7 @@
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
@ -550,7 +550,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) );
/* Zeroize instead of free as we copied the content */
mbedtls_zeroize( &session, sizeof( mbedtls_ssl_session ) );
mbedtls_platform_zeroize( &session, sizeof( mbedtls_ssl_session ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from ticket" ) );

6
library/ssl_ticket.c
View File

@ -36,7 +36,7 @@
#endif
#include "mbedtls/ssl_ticket.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -79,7 +79,7 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
mbedtls_cipher_get_key_bitlen( &key->ctx ),
MBEDTLS_ENCRYPT );
mbedtls_zeroize( buf, sizeof( buf ) );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
return( ret );
}
@ -479,7 +479,7 @@ void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx )
mbedtls_mutex_free( &ctx->mutex );
#endif
mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) );
}
#endif /* MBEDTLS_SSL_TICKET_C */

68
library/ssl_tls.c
View File

@ -46,7 +46,7 @@
#include "mbedtls/debug.h"
#include "mbedtls/ssl.h"
#include "mbedtls/ssl_internal.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -265,8 +265,8 @@ exit:
mbedtls_md5_free( &md5 );
mbedtls_sha1_free( &sha1 );
mbedtls_zeroize( padding, sizeof( padding ) );
mbedtls_zeroize( sha1sum, sizeof( sha1sum ) );
mbedtls_platform_zeroize( padding, sizeof( padding ) );
mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
return( ret );
}
@ -363,8 +363,8 @@ static int tls1_prf( const unsigned char *secret, size_t slen,
mbedtls_md_free( &md_ctx );
mbedtls_zeroize( tmp, sizeof( tmp ) );
mbedtls_zeroize( h_i, sizeof( h_i ) );
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
return( 0 );
}
@ -428,8 +428,8 @@ static int tls_prf_generic( mbedtls_md_type_t md_type,
mbedtls_md_free( &md_ctx );
mbedtls_zeroize( tmp, sizeof( tmp ) );
mbedtls_zeroize( h_i, sizeof( h_i ) );
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
return( 0 );
}
@ -638,7 +638,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
return( ret );
}
mbedtls_zeroize( handshake->premaster, sizeof(handshake->premaster) );
mbedtls_platform_zeroize( handshake->premaster,
sizeof(handshake->premaster) );
}
else
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
@ -649,7 +650,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
memcpy( tmp, handshake->randbytes, 64 );
memcpy( handshake->randbytes, tmp + 32, 32 );
memcpy( handshake->randbytes + 32, tmp, 32 );
mbedtls_zeroize( tmp, sizeof( tmp ) );
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
/*
* SSLv3:
@ -677,7 +678,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
mbedtls_zeroize( handshake->randbytes, sizeof( handshake->randbytes ) );
mbedtls_platform_zeroize( handshake->randbytes,
sizeof( handshake->randbytes ) );
/*
* Determine the appropriate key, IV and MAC length.
@ -944,7 +946,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
mbedtls_zeroize( keyblk, sizeof( keyblk ) );
mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
#if defined(MBEDTLS_ZLIB_SUPPORT)
// Initialize compression
@ -5023,9 +5025,9 @@ static void ssl_calc_finished_ssl(
mbedtls_md5_free( &md5 );
mbedtls_sha1_free( &sha1 );
mbedtls_zeroize( padbuf, sizeof( padbuf ) );
mbedtls_zeroize( md5sum, sizeof( md5sum ) );
mbedtls_zeroize( sha1sum, sizeof( sha1sum ) );
mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
mbedtls_platform_zeroize( md5sum, sizeof( md5sum ) );
mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
}
@ -5084,7 +5086,7 @@ static void ssl_calc_finished_tls(
mbedtls_md5_free( &md5 );
mbedtls_sha1_free( &sha1 );
mbedtls_zeroize( padbuf, sizeof( padbuf ) );
mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
}
@ -5134,7 +5136,7 @@ static void ssl_calc_finished_tls_sha256(
mbedtls_sha256_free( &sha256 );
mbedtls_zeroize( padbuf, sizeof( padbuf ) );
mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
}
@ -5183,7 +5185,7 @@ static void ssl_calc_finished_tls_sha384(
mbedtls_sha512_free( &sha512 );
mbedtls_zeroize( padbuf, sizeof( padbuf ) );
mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
}
@ -6102,7 +6104,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
if( conf->psk != NULL )
{
mbedtls_zeroize( conf->psk, conf->psk_len );
mbedtls_platform_zeroize( conf->psk, conf->psk_len );
mbedtls_free( conf->psk );
conf->psk = NULL;
@ -6145,7 +6147,8 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
if( ssl->handshake->psk != NULL )
{
mbedtls_zeroize( ssl->handshake->psk, ssl->handshake->psk_len );
mbedtls_platform_zeroize( ssl->handshake->psk,
ssl->handshake->psk_len );
mbedtls_free( ssl->handshake->psk );
ssl->handshake->psk_len = 0;
}
@ -6275,7 +6278,7 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
if( ssl->hostname != NULL )
{
mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) );
mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
mbedtls_free( ssl->hostname );
}
@ -7388,7 +7391,7 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform )
mbedtls_md_free( &transform->md_ctx_enc );
mbedtls_md_free( &transform->md_ctx_dec );
mbedtls_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@ -7448,7 +7451,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake )
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( handshake->psk != NULL )
{
mbedtls_zeroize( handshake->psk, handshake->psk_len );
mbedtls_platform_zeroize( handshake->psk, handshake->psk_len );
mbedtls_free( handshake->psk );
}
#endif
@ -7478,7 +7481,8 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake )
ssl_flight_free( handshake->flight );
#endif
mbedtls_zeroize( handshake, sizeof( mbedtls_ssl_handshake_params ) );
mbedtls_platform_zeroize( handshake,
sizeof( mbedtls_ssl_handshake_params ) );
}
void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
@ -7498,7 +7502,7 @@ void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
mbedtls_free( session->ticket );
#endif
mbedtls_zeroize( session, sizeof( mbedtls_ssl_session ) );
mbedtls_platform_zeroize( session, sizeof( mbedtls_ssl_session ) );
}
/*
@ -7513,20 +7517,20 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
if( ssl->out_buf != NULL )
{
mbedtls_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN );
mbedtls_platform_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN );
mbedtls_free( ssl->out_buf );
}
if( ssl->in_buf != NULL )
{
mbedtls_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN );
mbedtls_platform_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN );
mbedtls_free( ssl->in_buf );
}
#if defined(MBEDTLS_ZLIB_SUPPORT)
if( ssl->compress_buf != NULL )
{
mbedtls_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN );
mbedtls_platform_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN );
mbedtls_free( ssl->compress_buf );
}
#endif
@ -7557,7 +7561,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if( ssl->hostname != NULL )
{
mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) );
mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
mbedtls_free( ssl->hostname );
}
#endif
@ -7577,7 +7581,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) );
/* Actually clear after last debug message */
mbedtls_zeroize( ssl, sizeof( mbedtls_ssl_context ) );
mbedtls_platform_zeroize( ssl, sizeof( mbedtls_ssl_context ) );
}
/*
@ -7804,7 +7808,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( conf->psk != NULL )
{
mbedtls_zeroize( conf->psk, conf->psk_len );
mbedtls_platform_zeroize( conf->psk, conf->psk_len );
mbedtls_free( conf->psk );
conf->psk = NULL;
conf->psk_len = 0;
@ -7812,7 +7816,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
if( conf->psk_identity != NULL )
{
mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len );
mbedtls_platform_zeroize( conf->psk_identity, conf->psk_identity_len );
mbedtls_free( conf->psk_identity );
conf->psk_identity = NULL;
conf->psk_identity_len = 0;
@ -7823,7 +7827,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
ssl_key_cert_free( conf->key_cert );
#endif
mbedtls_zeroize( conf, sizeof( mbedtls_ssl_config ) );
mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) );
}
#if defined(MBEDTLS_PK_C) && \

13
library/x509_crl.c
View File

@ -39,7 +39,7 @@
#include "mbedtls/x509_crl.h"
#include "mbedtls/oid.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -612,7 +612,7 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path )
ret = mbedtls_x509_crl_parse( chain, buf, n );
mbedtls_zeroize( buf, n );
mbedtls_platform_zeroize( buf, n );
mbedtls_free( buf );
return( ret );
@ -733,7 +733,7 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
{
name_prv = name_cur;
name_cur = name_cur->next;
mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
mbedtls_free( name_prv );
}
@ -742,13 +742,14 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
{
entry_prv = entry_cur;
entry_cur = entry_cur->next;
mbedtls_zeroize( entry_prv, sizeof( mbedtls_x509_crl_entry ) );
mbedtls_platform_zeroize( entry_prv,
sizeof( mbedtls_x509_crl_entry ) );
mbedtls_free( entry_prv );
}
if( crl_cur->raw.p != NULL )
{
mbedtls_zeroize( crl_cur->raw.p, crl_cur->raw.len );
mbedtls_platform_zeroize( crl_cur->raw.p, crl_cur->raw.len );
mbedtls_free( crl_cur->raw.p );
}
@ -762,7 +763,7 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
crl_prv = crl_cur;
crl_cur = crl_cur->next;
mbedtls_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) );
mbedtls_platform_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) );
if( crl_prv != crl )
mbedtls_free( crl_prv );
}

18
library/x509_crt.c
View File

@ -41,7 +41,7 @@
#include "mbedtls/x509_crt.h"
#include "mbedtls/oid.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <stdio.h>
#include <string.h>
@ -1111,7 +1111,7 @@ int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path )
ret = mbedtls_x509_crt_parse( chain, buf, n );
mbedtls_zeroize( buf, n );
mbedtls_platform_zeroize( buf, n );
mbedtls_free( buf );
return( ret );
@ -2422,7 +2422,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
{
name_prv = name_cur;
name_cur = name_cur->next;
mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
mbedtls_free( name_prv );
}
@ -2431,7 +2431,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
{
name_prv = name_cur;
name_cur = name_cur->next;
mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
mbedtls_free( name_prv );
}
@ -2440,7 +2440,8 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
{
seq_prv = seq_cur;
seq_cur = seq_cur->next;
mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) );
mbedtls_platform_zeroize( seq_prv,
sizeof( mbedtls_x509_sequence ) );
mbedtls_free( seq_prv );
}
@ -2449,13 +2450,14 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
{
seq_prv = seq_cur;
seq_cur = seq_cur->next;
mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) );
mbedtls_platform_zeroize( seq_prv,
sizeof( mbedtls_x509_sequence ) );
mbedtls_free( seq_prv );
}
if( cert_cur->raw.p != NULL )
{
mbedtls_zeroize( cert_cur->raw.p, cert_cur->raw.len );
mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len );
mbedtls_free( cert_cur->raw.p );
}
@ -2469,7 +2471,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
cert_prv = cert_cur;
cert_cur = cert_cur->next;
mbedtls_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) );
mbedtls_platform_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) );
if( cert_prv != crt )
mbedtls_free( cert_prv );
}

10
library/x509_csr.c
View File

@ -39,7 +39,7 @@
#include "mbedtls/x509_csr.h"
#include "mbedtls/oid.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -321,7 +321,7 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path )
ret = mbedtls_x509_csr_parse( csr, buf, n );
mbedtls_zeroize( buf, n );
mbedtls_platform_zeroize( buf, n );
mbedtls_free( buf );
return( ret );
@ -403,17 +403,17 @@ void mbedtls_x509_csr_free( mbedtls_x509_csr *csr )
{
name_prv = name_cur;
name_cur = name_cur->next;
mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
mbedtls_free( name_prv );
}
if( csr->raw.p != NULL )
{
mbedtls_zeroize( csr->raw.p, csr->raw.len );
mbedtls_platform_zeroize( csr->raw.p, csr->raw.len );
mbedtls_free( csr->raw.p );
}
mbedtls_zeroize( csr, sizeof( mbedtls_x509_csr ) );
mbedtls_platform_zeroize( csr, sizeof( mbedtls_x509_csr ) );
}
#endif /* MBEDTLS_X509_CSR_PARSE_C */

4
library/x509write_crt.c
View File

@ -37,7 +37,7 @@
#include "mbedtls/oid.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/sha1.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -61,7 +61,7 @@ void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx )
mbedtls_asn1_free_named_data_list( &ctx->issuer );
mbedtls_asn1_free_named_data_list( &ctx->extensions );
mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_cert ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_cert ) );
}
void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version )

4
library/x509write_csr.c
View File

@ -35,7 +35,7 @@
#include "mbedtls/x509_csr.h"
#include "mbedtls/oid.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
#include <stdlib.h>
@ -54,7 +54,7 @@ void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx )
mbedtls_asn1_free_named_data_list( &ctx->subject );
mbedtls_asn1_free_named_data_list( &ctx->extensions );
mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_csr ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_csr ) );
}
void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg )

4
library/xtea.c
View File

@ -28,7 +28,7 @@
#if defined(MBEDTLS_XTEA_C)
#include "mbedtls/xtea.h"
#include "mbedtls/utils.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@ -76,7 +76,7 @@ void mbedtls_xtea_free( mbedtls_xtea_context *ctx )
if( ctx == NULL )
return;
mbedtls_zeroize( ctx, sizeof( mbedtls_xtea_context ) );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_xtea_context ) );
}
/*