add ForceZero() to force memset(0)

toddouska
2015-02-20 15:51:21 -08:00
parent 732a0dd39a
commit 608da64ece
15 changed files with 105 additions and 70 deletions


@ -6,7 +6,7 @@
#
#
AC_INIT([wolfssl],[3.3.4],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
AC_INIT([wolfssl],[3.4.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
AC_CONFIG_AUX_DIR([build-aux])


@ -29,6 +29,11 @@
#include <wolfssl/internal.h>
#include <wolfssl/error-ssl.h>
#include <wolfssl/wolfcrypt/asn.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#include <wolfcrypt/src/misc.c>
#endif
#ifdef HAVE_LIBZ
#include "zlib.h"
@ -5498,7 +5503,7 @@ static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
XMEMCPY(out + sz - ssl->specs.aead_mac_size, tag, sizeof(tag));
AeadIncrementExpIV(ssl);
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
ForceZero(nonce, AEAD_NONCE_SZ);
#ifdef CHACHA_AEAD_TEST
printf("mac tag :\n");
@ -5601,7 +5606,7 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
if (ret == 1) {
WOLFSSL_MSG("Mac did not match");
SendAlert(ssl, alert_fatal, bad_record_mac);
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
ForceZero(nonce, AEAD_NONCE_SZ);
return VERIFY_MAC_ERROR;
}
@ -5700,7 +5705,7 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz)
additional, AEAD_AUTH_DATA_SZ);
if (gcmRet == 0)
AeadIncrementExpIV(ssl);
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
ForceZero(nonce, AEAD_NONCE_SZ);
return gcmRet;
}
break;
@ -5745,7 +5750,7 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz)
ssl->specs.aead_mac_size,
additional, AEAD_AUTH_DATA_SZ);
AeadIncrementExpIV(ssl);
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
ForceZero(nonce, AEAD_NONCE_SZ);
}
break;
#endif
@ -5851,10 +5856,10 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input,
ssl->specs.aead_mac_size,
additional, AEAD_AUTH_DATA_SZ) < 0) {
SendAlert(ssl, alert_fatal, bad_record_mac);
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
ForceZero(nonce, AEAD_NONCE_SZ);
return VERIFY_MAC_ERROR;
}
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
ForceZero(nonce, AEAD_NONCE_SZ);
}
break;
#endif
@ -5892,10 +5897,10 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input,
ssl->specs.aead_mac_size,
additional, AEAD_AUTH_DATA_SZ) < 0) {
SendAlert(ssl, alert_fatal, bad_record_mac);
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
ForceZero(nonce, AEAD_NONCE_SZ);
return VERIFY_MAC_ERROR;
}
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
ForceZero(nonce, AEAD_NONCE_SZ);
}
break;
#endif
@ -6141,20 +6146,13 @@ static INLINE void CompressRounds(WOLFSSL* ssl, int rounds, const byte* dummy)
static int ConstantCompare(const byte* a, const byte* b, int length)
{
int i;
int good = 0;
int bad = 0;
int compareSum = 0;
for (i = 0; i < length; i++) {
if (a[i] == b[i])
good++;
else
bad++;
compareSum |= a[i] ^ b[i];
}
if (good == length)
return 0;
else
return 0 - bad; /* compare failed */
return compareSum;
}
@ -10527,7 +10525,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
pms += 2;
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz);
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->psk_keySz = 0; /* No further need */
}
break;
@ -10626,7 +10624,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz +=
ssl->arrays->psk_keySz + OPAQUE16_LEN;
XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz);
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->psk_keySz = 0; /* No further need */
}
break;
@ -10875,7 +10873,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
}
/* No further need for PMS */
XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz);
ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
ssl->arrays->preMasterSz = 0;
return ret;
@ -13512,7 +13510,7 @@ int DoSessionTicket(WOLFSSL* ssl,
ret = MakeMasterSecret(ssl);
/* No further need for PSK */
XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz);
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->psk_keySz = 0;
}
break;
@ -13720,7 +13718,7 @@ int DoSessionTicket(WOLFSSL* ssl,
ret = MakeMasterSecret(ssl);
/* No further need for PSK */
XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz);
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->psk_keySz = 0;
}
break;
@ -13734,7 +13732,7 @@ int DoSessionTicket(WOLFSSL* ssl,
}
/* No further need for PMS */
XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz);
ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
ssl->arrays->preMasterSz = 0;
if (ret == 0) {
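Review bot: ConstantCompare's failure value changes sign in this section: the old body returned `0 - bad` (negative) on a mismatch, while the new body returns `compareSum`, the OR of the per-byte XORs, which is positive whenever the buffers differ. The callers are outside the hunks shown, so any caller that tests the result with `< 0` instead of `!= 0` would now treat a mismatch as a match; that is worth checking across the file before merging. I would also pin the contract in a comment above the function, `/* constant time: returns 0 if equal, non-zero (never negative) otherwise */`.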


@ -45,6 +45,11 @@
#include <wolfssl/error-ssl.h>
#include <wolfssl/sniffer.h>
#include <wolfssl/sniffer_error.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#include <wolfcrypt/src/misc.c>
#endif
#ifndef min
@ -365,7 +370,7 @@ static void FreeNamedKey(NamedKey* in)
{
if (in) {
if (in->key) {
XMEMSET(in->key, 0, in->keySz);
ForceZero(in->key, in->keySz);
free(in->key);
}
free(in);


@ -30,6 +30,11 @@
#include <wolfssl/internal.h>
#include <wolfssl/error-ssl.h>
#include <wolfssl/wolfcrypt/hmac.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#include <wolfcrypt/src/misc.c>
#endif
@ -158,9 +163,9 @@ static int p_hash(byte* result, word32 resLen, const byte* secret,
}
}
XMEMSET(previous, 0, P_HASH_MAX_SIZE);
XMEMSET(current, 0, P_HASH_MAX_SIZE);
XMEMSET(hmac, 0, sizeof(Hmac));
ForceZero(previous, P_HASH_MAX_SIZE);
ForceZero(current, P_HASH_MAX_SIZE);
ForceZero(hmac, sizeof(Hmac));
#ifdef WOLFSSL_SMALL_STACK
XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER);


@ -5,6 +5,6 @@ includedir=${prefix}/include
Name: wolfssl
Description: wolfssl C library.
Version: 3.3.4
Version: 3.4.0
Libs: -L${libdir} -lwolfssl
Cflags: -I${includedir}


@ -3652,8 +3652,8 @@ void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
XMEMCPY(out, A, inSz);
}
XMEMSET(A, 0, AES_BLOCK_SIZE);
XMEMSET(B, 0, AES_BLOCK_SIZE);
ForceZero(A, AES_BLOCK_SIZE);
ForceZero(B, AES_BLOCK_SIZE);
}
@ -3752,8 +3752,8 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
result = AES_CCM_AUTH_E;
}
XMEMSET(A, 0, AES_BLOCK_SIZE);
XMEMSET(B, 0, AES_BLOCK_SIZE);
ForceZero(A, AES_BLOCK_SIZE);
ForceZero(B, AES_BLOCK_SIZE);
o = NULL;
return result;


@ -38,6 +38,11 @@
#include <wolfssl/wolfcrypt/aes.h>
#endif
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#include <wolfcrypt/src/misc.c>
#endif
/* map
@ -1614,10 +1619,7 @@ int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
mp_clear(&prime);
mp_clear(&order);
#ifdef ECC_CLEAN_STACK
XMEMSET(buf, 0, ECC_MAXSIZE);
#endif
ForceZero(buf, ECC_MAXSIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@ -2002,10 +2004,8 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
ecc_del_point(precomp[x]);
}
}
#ifdef ECC_CLEAN_STACK
XMEMSET(tA, 0, ECC_BUFSIZE);
XMEMSET(tB, 0, ECC_BUFSIZE);
#endif
ForceZero(tA, ECC_BUFSIZE);
ForceZero(tB, ECC_BUFSIZE);
XFREE(tA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tB, NULL, DYNAMIC_TYPE_TMP_BUFFER);


@ -32,6 +32,11 @@
#include <wolfssl/wolfcrypt/ecc25519.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#include <wolfcrypt/src/misc.c>
#endif
#define MONTGOMERY_X_LE 65
@ -126,7 +131,7 @@ int wc_ecc25519_make_key(RNG* rng, int keysize, ecc25519_key* key)
key->k.point[keysize - i - 1] = n[i];
}
XMEMSET(n, 0, keysize);
ForceZero(n, keysize);
return err;
}
@ -167,8 +172,8 @@ int wc_ecc25519_shared_secret(ecc25519_key* private_key, ecc25519_key* public_ke
err = curve25519(out , k, p);
*outlen = ECC25519_KEYSIZE;
XMEMSET(p, 0, sizeof(p));
XMEMSET(k, 0, sizeof(k));
ForceZero(p, sizeof(p));
ForceZero(k, sizeof(k));
return err;
}
@ -301,8 +306,8 @@ void wc_ecc25519_free(ecc25519_key* key)
return;
key->dp = NULL;
XMEMSET(key->p.point, 0, sizeof(key->p.point));
XMEMSET(key->k.point, 0, sizeof(key->k.point));
ForceZero(key->p.point, sizeof(key->p.point));
ForceZero(key->k.point, sizeof(key->k.point));
}


@ -169,5 +169,14 @@ STATIC INLINE void xorbuf(void* buf, const void* mask, word32 count)
for (i = 0; i < count; i++) b[i] ^= m[i];
}
}
#undef STATIC
/* Make sure compiler doesn't skip */
STATIC INLINE void ForceZero(const void* mem, word32 len)
{
volatile byte* z = (volatile byte*)mem;
while (len--) *z++ = 0;
}
#undef STATIC
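Review bot: ForceZero declares its buffer as `const void* mem` and then casts the qualifier away to write through it, so the signature tells callers the memory is left untouched while the body overwrites it. The compiler will also stay silent if a genuinely const object is ever passed, and writing to one is undefined behaviour. The parameter should be `void* mem`, i.e. `STATIC INLINE void ForceZero(void* mem, word32 len)`, with the `void ForceZero(const void*, word32);` prototype in the header section further down the page changed to `void ForceZero(void*, word32);`. The one-line comment could also state the mechanism: `/* write through a volatile pointer so the compiler cannot discard the stores as dead */`.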


@ -30,6 +30,11 @@
#include <wolfssl/wolfcrypt/pkcs7.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#include <wolfcrypt/src/misc.c>
#endif
#ifndef min
static INLINE word32 min(word32 a, word32 b)
@ -1254,7 +1259,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
contentKeyEnc, &contentKeyEncSz, recip,
MAX_RECIP_SZ);
XMEMSET(contentKeyEnc, 0, MAX_ENCRYPTED_KEY_SZ);
ForceZero(contentKeyEnc, MAX_ENCRYPTED_KEY_SZ);
#ifdef WOLFSSL_SMALL_STACK
XFREE(contentKeyEnc, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@ -1446,7 +1451,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
wc_FreeRng(&rng);
#endif
XMEMSET(contentKeyPlain, 0, MAX_CONTENT_KEY_LEN);
ForceZero(contentKeyPlain, MAX_CONTENT_KEY_LEN);
if (dynamicFlag)
XFREE(plain, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
@ -1825,8 +1830,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
XMEMCPY(output, encryptedContent, encryptedContentSz - padLen);
/* free memory, zero out keys */
XMEMSET(encryptedKey, 0, MAX_ENCRYPTED_KEY_SZ);
XMEMSET(encryptedContent, 0, encryptedContentSz);
ForceZero(encryptedKey, MAX_ENCRYPTED_KEY_SZ);
ForceZero(encryptedContent, encryptedContentSz);
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);


@ -227,7 +227,7 @@ static int Hash_DRBG_Reseed(DRBG* drbg, const byte* entropy, word32 entropySz)
}
XMEMCPY(drbg->V, seed, sizeof(drbg->V));
XMEMSET(seed, 0, sizeof(seed));
ForceZero(seed, sizeof(seed));
if (Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V,
sizeof(drbg->V), NULL, 0) != DRBG_SUCCESS) {
@ -304,7 +304,7 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
outSz = 0;
}
}
XMEMSET(data, 0, sizeof(data));
ForceZero(data, sizeof(data));
return DRBG_SUCCESS;
}
@ -396,7 +396,7 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
/* Returns: DRBG_SUCCESS */
static int Hash_DRBG_Uninstantiate(DRBG* drbg)
{
XMEMSET(drbg, 0, sizeof(DRBG));
ForceZero(drbg, sizeof(DRBG));
return DRBG_SUCCESS;
}
@ -428,7 +428,7 @@ int wc_InitRng(RNG* rng)
else
ret = DRBG_FAILURE;
XMEMSET(entropy, 0, ENTROPY_NONCE_SZ);
ForceZero(entropy, ENTROPY_NONCE_SZ);
if (ret == DRBG_SUCCESS) {
rng->status = DRBG_OK;
@ -477,7 +477,7 @@ int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
else
ret = DRBG_FAILURE;
XMEMSET(entropy, 0, ENTROPY_SZ);
ForceZero(entropy, ENTROPY_SZ);
}
if (ret == DRBG_SUCCESS) {


@ -125,6 +125,11 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#include <wolfcrypt/src/misc.c>
#endif
#ifdef SHOW_GEN
#ifdef FREESCALE_MQX
@ -467,9 +472,10 @@ int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
plainLen = BAD_FUNC_ARG;
else
XMEMCPY(out, pad, plainLen);
XMEMSET(tmp, 0x00, inLen);
ForceZero(tmp, inLen);
XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
return plainLen;
}
@ -523,11 +529,12 @@ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
if (plainLen > (int)outLen)
plainLen = BAD_FUNC_ARG;
else
else
XMEMCPY(out, pad, plainLen);
XMEMSET(tmp, 0x00, inLen);
ForceZero(tmp, inLen);
XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
return plainLen;
}
@ -660,11 +667,9 @@ static int rand_prime(mp_int* N, int len, RNG* rng, void* heap)
}
} while (res == MP_NO);
#ifdef LTC_CLEAN_STACK
XMEMSET(buf, 0, len);
#endif
ForceZero(buf, len);
XFREE(buf, heap, DYNAMIC_TYPE_RSA);
return 0;
}
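Review bot: In rand_prime the wipe is now unconditional, but `ForceZero(buf, len);` sits only on the success exit visible here, after the `do … while (res == MP_NO)` loop. The loop body is outside the hunk; if it contains early error returns that call `XFREE(buf, heap, DYNAMIC_TYPE_RSA)` directly, those paths would still release the candidate-prime bytes to the heap unwiped. It is worth confirming, and if so adding `ForceZero(buf, len);` ahead of each such XFREE so every exit clears the buffer.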


@ -241,8 +241,8 @@ static int Transform(Sha512* sha512)
sha512->digest[7] += h(0);
/* Wipe variables */
XMEMSET(W, 0, sizeof(word64) * 16);
XMEMSET(T, 0, sizeof(T));
ForceZero(W, sizeof(word64) * 16);
ForceZero(T, sizeof(T));
#ifdef WOLFSSL_SMALL_STACK
XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@ -448,8 +448,8 @@ static int Transform384(Sha384* sha384)
sha384->digest[7] += h(0);
/* Wipe variables */
XMEMSET(W, 0, sizeof(word64) * 16);
XMEMSET(T, 0, sizeof(T));
ForceZero(W, sizeof(word64) * 16);
ForceZero(T, sizeof(T));
#ifdef WOLFSSL_SMALL_STACK
XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);


@ -26,8 +26,8 @@
extern "C" {
#endif
#define LIBWOLFSSL_VERSION_STRING "3.3.4"
#define LIBWOLFSSL_VERSION_HEX 0x03003004
#define LIBWOLFSSL_VERSION_STRING "3.4.0"
#define LIBWOLFSSL_VERSION_HEX 0x03004000
#ifdef __cplusplus
}


@ -48,6 +48,9 @@ void XorWords(wolfssl_word*, const wolfssl_word*, word32);
WOLFSSL_LOCAL
void xorbuf(void*, const void*, word32);
WOLFSSL_LOCAL
void ForceZero(const void*, word32);
#ifdef WORD64_AVAILABLE
WOLFSSL_LOCAL
word64 rotlFixed64(word64, word64);