Introduce polarssl_zeroize() instead of memset() for zeroization
This commit is contained in:
Paul Bakker
parent
bbcb1ce703
commit
3461772559
36 changed files with 325 additions and 129 deletions
library
|
|
@ -46,6 +46,11 @@
|
|||
|
||||
#include <stdlib.h>
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_PEM_PARSE_C)
|
||||
void pem_init( pem_context *ctx )
|
||||
{
|
||||
|
|
@ -99,8 +104,8 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen,
|
|||
{
|
||||
memcpy( key, md5sum, keylen );
|
||||
|
||||
memset( &md5_ctx, 0, sizeof( md5_ctx ) );
|
||||
memset( md5sum, 0, 16 );
|
||||
polarssl_zeroize( &md5_ctx, sizeof( md5_ctx ) );
|
||||
polarssl_zeroize( md5sum, 16 );
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -121,8 +126,8 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen,
|
|||
|
||||
memcpy( key + 16, md5sum, use_len );
|
||||
|
||||
memset( &md5_ctx, 0, sizeof( md5_ctx ) );
|
||||
memset( md5sum, 0, 16 );
|
||||
polarssl_zeroize( &md5_ctx, sizeof( md5_ctx ) );
|
||||
polarssl_zeroize( md5sum, 16 );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
|
|
@ -142,8 +147,8 @@ static void pem_des_decrypt( unsigned char des_iv[8],
|
|||
des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen,
|
||||
des_iv, buf, buf );
|
||||
|
||||
memset( &des_ctx, 0, sizeof( des_ctx ) );
|
||||
memset( des_key, 0, 8 );
|
||||
polarssl_zeroize( &des_ctx, sizeof( des_ctx ) );
|
||||
polarssl_zeroize( des_key, 8 );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -162,8 +167,8 @@ static void pem_des3_decrypt( unsigned char des3_iv[8],
|
|||
des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen,
|
||||
des3_iv, buf, buf );
|
||||
|
||||
memset( &des3_ctx, 0, sizeof( des3_ctx ) );
|
||||
memset( des3_key, 0, 24 );
|
||||
polarssl_zeroize( &des3_ctx, sizeof( des3_ctx ) );
|
||||
polarssl_zeroize( des3_key, 24 );
|
||||
}
|
||||
#endif /* POLARSSL_DES_C */
|
||||
|
||||
|
|
@ -184,8 +189,8 @@ static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
|
|||
aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen,
|
||||
aes_iv, buf, buf );
|
||||
|
||||
memset( &aes_ctx, 0, sizeof( aes_ctx ) );
|
||||
memset( aes_key, 0, keylen );
|
||||
polarssl_zeroize( &aes_ctx, sizeof( aes_ctx ) );
|
||||
polarssl_zeroize( aes_key, keylen );
|
||||
}
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
|
|
@ -373,7 +378,7 @@ void pem_free( pem_context *ctx )
|
|||
polarssl_free( ctx->buf );
|
||||
polarssl_free( ctx->info );
|
||||
|
||||
memset( ctx, 0, sizeof( pem_context ) );
|
||||
polarssl_zeroize( ctx, sizeof( pem_context ) );
|
||||
}
|
||||
#endif /* POLARSSL_PEM_PARSE_C */
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue