From 608da64ecebbafdb02a2e4592479f203ed3eebf7 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 20 Feb 2015 15:51:21 -0800 Subject: [PATCH] add ForceZero() to force memset(0) --- configure.ac | 2 +- src/internal.c | 46 +++++++++++++++++++--------------------- src/sniffer.c | 7 +++++- src/tls.c | 11 +++++++--- support/wolfssl.pc | 2 +- wolfcrypt/src/aes.c | 8 +++---- wolfcrypt/src/ecc.c | 16 +++++++------- wolfcrypt/src/ecc25519.c | 15 ++++++++----- wolfcrypt/src/misc.c | 11 +++++++++- wolfcrypt/src/pkcs7.c | 13 ++++++++---- wolfcrypt/src/random.c | 10 ++++----- wolfcrypt/src/rsa.c | 19 +++++++++++------ wolfcrypt/src/sha512.c | 8 +++---- wolfssl/version.h | 4 ++-- wolfssl/wolfcrypt/misc.h | 3 +++ 15 files changed, 105 insertions(+), 70 deletions(-) diff --git a/configure.ac b/configure.ac index 4121f004b..2c4871ca1 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([wolfssl],[3.3.4],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.4.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) diff --git a/src/internal.c b/src/internal.c index c2ca008f6..a1d390a17 100644 --- a/src/internal.c +++ b/src/internal.c @@ -29,6 +29,11 @@ #include #include #include +#ifdef NO_INLINE + #include +#else + #include +#endif #ifdef HAVE_LIBZ #include "zlib.h" @@ -5498,7 +5503,7 @@ static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, XMEMCPY(out + sz - ssl->specs.aead_mac_size, tag, sizeof(tag)); AeadIncrementExpIV(ssl); - XMEMSET(nonce, 0, AEAD_NONCE_SZ); + ForceZero(nonce, AEAD_NONCE_SZ); #ifdef CHACHA_AEAD_TEST printf("mac tag :\n"); @@ -5601,7 +5606,7 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, if (ret == 1) { WOLFSSL_MSG("Mac did not match"); SendAlert(ssl, alert_fatal, bad_record_mac); - XMEMSET(nonce, 0, AEAD_NONCE_SZ); + ForceZero(nonce, AEAD_NONCE_SZ); return VERIFY_MAC_ERROR; } 
@@ -5700,7 +5705,7 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz) additional, AEAD_AUTH_DATA_SZ); if (gcmRet == 0) AeadIncrementExpIV(ssl); - XMEMSET(nonce, 0, AEAD_NONCE_SZ); + ForceZero(nonce, AEAD_NONCE_SZ); return gcmRet; } break; @@ -5745,7 +5750,7 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz) ssl->specs.aead_mac_size, additional, AEAD_AUTH_DATA_SZ); AeadIncrementExpIV(ssl); - XMEMSET(nonce, 0, AEAD_NONCE_SZ); + ForceZero(nonce, AEAD_NONCE_SZ); } break; #endif @@ -5851,10 +5856,10 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input, ssl->specs.aead_mac_size, additional, AEAD_AUTH_DATA_SZ) < 0) { SendAlert(ssl, alert_fatal, bad_record_mac); - XMEMSET(nonce, 0, AEAD_NONCE_SZ); + ForceZero(nonce, AEAD_NONCE_SZ); return VERIFY_MAC_ERROR; } - XMEMSET(nonce, 0, AEAD_NONCE_SZ); + ForceZero(nonce, AEAD_NONCE_SZ); } break; #endif @@ -5892,10 +5897,10 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input, ssl->specs.aead_mac_size, additional, AEAD_AUTH_DATA_SZ) < 0) { SendAlert(ssl, alert_fatal, bad_record_mac); - XMEMSET(nonce, 0, AEAD_NONCE_SZ); + ForceZero(nonce, AEAD_NONCE_SZ); return VERIFY_MAC_ERROR; } - XMEMSET(nonce, 0, AEAD_NONCE_SZ); + ForceZero(nonce, AEAD_NONCE_SZ); } break; #endif @@ -6141,20 +6146,13 @@ static INLINE void CompressRounds(WOLFSSL* ssl, int rounds, const byte* dummy) static int ConstantCompare(const byte* a, const byte* b, int length) { int i; - int good = 0; - int bad = 0; + int compareSum = 0; for (i = 0; i < length; i++) { - if (a[i] == b[i]) - good++; - else - bad++; + compareSum |= a[i] ^ b[i]; } - if (good == length) - return 0; - else - return 0 - bad; /* compare failed */ + return compareSum; } 
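Review bot: In the `@@ -6141` hunk of src/internal.c, ConstantCompare() now returns a positive non-zero value on mismatch where the removed code returned `0 - bad`, a negative count, so any caller that tests the result with `< 0` would start treating a failed comparison as a match. The callers are outside this diff, so each one should be confirmed to test `!= 0`. The contract is worth stating above the function, for example `/* returns 0 when the buffers match, non-zero otherwise; run time does not depend on the data */`. The change is also unrelated to the commit subject and would be easier to audit as a commit of its own.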
@@ -10527,7 +10525,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl, pms += 2; XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4; - XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); + ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz); ssl->arrays->psk_keySz = 0; /* No further need */ } break; @@ -10626,7 +10624,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl, XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN; - XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); + ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz); ssl->arrays->psk_keySz = 0; /* No further need */ } break; @@ -10875,7 +10873,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl, ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; } /* No further need for PMS */ - XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz); + ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz); ssl->arrays->preMasterSz = 0; return ret; @@ -13512,7 +13510,7 @@ int DoSessionTicket(WOLFSSL* ssl, ret = MakeMasterSecret(ssl); /* No further need for PSK */ - XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); + ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz); ssl->arrays->psk_keySz = 0; } break; @@ -13720,7 +13718,7 @@ int DoSessionTicket(WOLFSSL* ssl, ret = MakeMasterSecret(ssl); /* No further need for PSK */ - XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); + ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz); ssl->arrays->psk_keySz = 0; } break; @@ -13734,7 +13732,7 @@ int DoSessionTicket(WOLFSSL* ssl, } /* No further need for PMS */ - XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz); + ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz); ssl->arrays->preMasterSz = 0; if (ret == 0) { diff --git a/src/sniffer.c b/src/sniffer.c index 68ece0d1b..f813f557c 100644 --- a/src/sniffer.c 
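Review bot: In the `@@ -10875` hunk of src/internal.c the wipe length is `ssl->arrays->preMasterSz`, so it clears only as many bytes as that field records at this point; the `@@ -13734` hunk has the same shape. If an earlier failure can leave the field at 0 or smaller than what was already written into the buffer (not visible in these hunks), part of the pre-master secret survives the wipe. Clearing the full capacity of `preMasterSecret` instead of the recorded length removes that dependency. Both enclosing functions start and end outside the hunks.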
+++ b/src/sniffer.c @@ -45,6 +45,11 @@ #include #include #include +#ifdef NO_INLINE + #include +#else + #include +#endif #ifndef min @@ -365,7 +370,7 @@ static void FreeNamedKey(NamedKey* in) { if (in) { if (in->key) { - XMEMSET(in->key, 0, in->keySz); + ForceZero(in->key, in->keySz); free(in->key); } free(in); diff --git a/src/tls.c b/src/tls.c index 3f0f115e6..6b2ee04ef 100644 --- a/src/tls.c +++ b/src/tls.c @@ -30,6 +30,11 @@ #include #include #include +#ifdef NO_INLINE + #include +#else + #include +#endif @@ -158,9 +163,9 @@ static int p_hash(byte* result, word32 resLen, const byte* secret, } } - XMEMSET(previous, 0, P_HASH_MAX_SIZE); - XMEMSET(current, 0, P_HASH_MAX_SIZE); - XMEMSET(hmac, 0, sizeof(Hmac)); + ForceZero(previous, P_HASH_MAX_SIZE); + ForceZero(current, P_HASH_MAX_SIZE); + ForceZero(hmac, sizeof(Hmac)); #ifdef WOLFSSL_SMALL_STACK XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/support/wolfssl.pc b/support/wolfssl.pc index 14710437c..e840d1768 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -5,6 +5,6 @@ includedir=${prefix}/include Name: wolfssl Description: wolfssl C library. -Version: 3.3.4 +Version: 3.4.0 Libs: -L${libdir} -lwolfssl Cflags: -I${includedir} diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 4b1daed13..4a04488f8 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -3652,8 +3652,8 @@ void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, XMEMCPY(out, A, inSz); } - XMEMSET(A, 0, AES_BLOCK_SIZE); - XMEMSET(B, 0, AES_BLOCK_SIZE); + ForceZero(A, AES_BLOCK_SIZE); + ForceZero(B, AES_BLOCK_SIZE); } @@ -3752,8 +3752,8 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, result = AES_CCM_AUTH_E; } - XMEMSET(A, 0, AES_BLOCK_SIZE); - XMEMSET(B, 0, AES_BLOCK_SIZE); + ForceZero(A, AES_BLOCK_SIZE); + ForceZero(B, AES_BLOCK_SIZE); o = NULL; return result; diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index a14af920a..dcb730d0a 100644 
--- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -38,6 +38,11 @@ #include #endif +#ifdef NO_INLINE + #include +#else + #include +#endif /* map @@ -1614,10 +1619,7 @@ int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp) mp_clear(&prime); mp_clear(&order); -#ifdef ECC_CLEAN_STACK - XMEMSET(buf, 0, ECC_MAXSIZE); -#endif - + ForceZero(buf, ECC_MAXSIZE); #ifdef WOLFSSL_SMALL_STACK XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -2002,10 +2004,8 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_del_point(precomp[x]); } } -#ifdef ECC_CLEAN_STACK - XMEMSET(tA, 0, ECC_BUFSIZE); - XMEMSET(tB, 0, ECC_BUFSIZE); -#endif + ForceZero(tA, ECC_BUFSIZE); + ForceZero(tB, ECC_BUFSIZE); XFREE(tA, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tB, NULL, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfcrypt/src/ecc25519.c b/wolfcrypt/src/ecc25519.c index 0c3a34c87..14326c63e 100644 --- a/wolfcrypt/src/ecc25519.c +++ b/wolfcrypt/src/ecc25519.c @@ -32,6 +32,11 @@ #include #include +#ifdef NO_INLINE + #include +#else + #include +#endif #define MONTGOMERY_X_LE 65 @@ -126,7 +131,7 @@ int wc_ecc25519_make_key(RNG* rng, int keysize, ecc25519_key* key) key->k.point[keysize - i - 1] = n[i]; } - XMEMSET(n, 0, keysize); + ForceZero(n, keysize); return err; } @@ -167,8 +172,8 @@ int wc_ecc25519_shared_secret(ecc25519_key* private_key, ecc25519_key* public_ke err = curve25519(out , k, p); *outlen = ECC25519_KEYSIZE; - XMEMSET(p, 0, sizeof(p)); - XMEMSET(k, 0, sizeof(k)); + ForceZero(p, sizeof(p)); + ForceZero(k, sizeof(k)); return err; } @@ -301,8 +306,8 @@ void wc_ecc25519_free(ecc25519_key* key) return; key->dp = NULL; - XMEMSET(key->p.point, 0, sizeof(key->p.point)); - XMEMSET(key->k.point, 0, sizeof(key->k.point)); + ForceZero(key->p.point, sizeof(key->p.point)); + ForceZero(key->k.point, sizeof(key->k.point)); } diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index aaad86aca..c7fabe338 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c 
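Review bot: In the `@@ -126` hunk of wolfcrypt/src/ecc25519.c, `ForceZero(n, keysize);` sizes the wipe from the caller-supplied `keysize`, while the other wipes in this file use `sizeof(p)`, `sizeof(k)` and `sizeof(key->k.point)`. If `n` is a fixed-size local array (its declaration is outside the hunk), `ForceZero(n, sizeof(n));` clears the whole buffer whatever the argument is and matches the sibling calls. wc_ecc25519_make_key() starts outside the hunk, so any validation of `keysize` cannot be seen from here.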
@@ -169,5 +169,14 @@ STATIC INLINE void xorbuf(void* buf, const void* mask, word32 count) for (i = 0; i < count; i++) b[i] ^= m[i]; } } -#undef STATIC + +/* Make sure compiler doesn't skip */ +STATIC INLINE void ForceZero(const void* mem, word32 len) +{ + volatile byte* z = (volatile byte*)mem; + + while (len--) *z++ = 0; +} + +#undef STATIC diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 569fd8b74..6ef70f6f9 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -30,6 +30,11 @@ #include #include #include +#ifdef NO_INLINE + #include +#else + #include +#endif #ifndef min static INLINE word32 min(word32 a, word32 b) @@ -1254,7 +1259,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) contentKeyEnc, &contentKeyEncSz, recip, MAX_RECIP_SZ); - XMEMSET(contentKeyEnc, 0, MAX_ENCRYPTED_KEY_SZ); + ForceZero(contentKeyEnc, MAX_ENCRYPTED_KEY_SZ); #ifdef WOLFSSL_SMALL_STACK XFREE(contentKeyEnc, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1446,7 +1451,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) wc_FreeRng(&rng); #endif - XMEMSET(contentKeyPlain, 0, MAX_CONTENT_KEY_LEN); + ForceZero(contentKeyPlain, MAX_CONTENT_KEY_LEN); if (dynamicFlag) XFREE(plain, NULL, DYNAMMIC_TYPE_TMP_BUFFER); @@ -1825,8 +1830,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, XMEMCPY(output, encryptedContent, encryptedContentSz - padLen); /* free memory, zero out keys */ - XMEMSET(encryptedKey, 0, MAX_ENCRYPTED_KEY_SZ); - XMEMSET(encryptedContent, 0, encryptedContentSz); + ForceZero(encryptedKey, MAX_ENCRYPTED_KEY_SZ); + ForceZero(encryptedContent, encryptedContentSz); XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index c85099d59..ef9fdb37d 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c 
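Review bot: ForceZero() in wolfcrypt/src/misc.c takes `const void* mem` and then casts the qualifier away to write through it, so the signature tells callers the buffer is left untouched while the function exists only to overwrite it, and passing an object that really is const would be undefined behaviour. The parameter should be plain `void*`, here as `STATIC INLINE void ForceZero(void* mem, word32 len)` and likewise in the prototype added to wolfssl/wolfcrypt/misc.h. The comment `/* Make sure compiler doesn't skip */` could say what is being protected, for example `/* Zero len bytes at mem through a volatile pointer so the stores are not dropped as dead writes; mem must be valid for len bytes */`.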
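Review bot: In the `@@ -1446` hunk of wolfcrypt/src/pkcs7.c, `plain` is released right after `contentKeyPlain` is wiped but is not itself cleared, and judging by its name it holds the padded plaintext content. A ForceZero() call on `plain` before the conditional XFREE would treat it like the key beside it; its size variable is outside the hunk. The same context line spells the allocation type `DYNAMMIC_TYPE_TMP_BUFFER`, which presumably compiles only because XFREE discards that argument in this build, and should read `DYNAMIC_TYPE_TMP_BUFFER`.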
@@ -227,7 +227,7 @@ static int Hash_DRBG_Reseed(DRBG* drbg, const byte* entropy, word32 entropySz) } XMEMCPY(drbg->V, seed, sizeof(drbg->V)); - XMEMSET(seed, 0, sizeof(seed)); + ForceZero(seed, sizeof(seed)); if (Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V, sizeof(drbg->V), NULL, 0) != DRBG_SUCCESS) { @@ -304,7 +304,7 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V) outSz = 0; } } - XMEMSET(data, 0, sizeof(data)); + ForceZero(data, sizeof(data)); return DRBG_SUCCESS; } @@ -396,7 +396,7 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz, /* Returns: DRBG_SUCCESS */ static int Hash_DRBG_Uninstantiate(DRBG* drbg) { - XMEMSET(drbg, 0, sizeof(DRBG)); + ForceZero(drbg, sizeof(DRBG)); return DRBG_SUCCESS; } @@ -428,7 +428,7 @@ int wc_InitRng(RNG* rng) else ret = DRBG_FAILURE; - XMEMSET(entropy, 0, ENTROPY_NONCE_SZ); + ForceZero(entropy, ENTROPY_NONCE_SZ); if (ret == DRBG_SUCCESS) { rng->status = DRBG_OK; @@ -477,7 +477,7 @@ int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) else ret = DRBG_FAILURE; - XMEMSET(entropy, 0, ENTROPY_SZ); + ForceZero(entropy, ENTROPY_SZ); } if (ret == DRBG_SUCCESS) { diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index f5bcadcec..ee7555d38 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -125,6 +125,11 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, #include #include #include +#ifdef NO_INLINE + #include +#else + #include +#endif #ifdef SHOW_GEN #ifdef FREESCALE_MQX @@ -467,9 +472,10 @@ int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, plainLen = BAD_FUNC_ARG; else XMEMCPY(out, pad, plainLen); - XMEMSET(tmp, 0x00, inLen); + ForceZero(tmp, inLen); XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); + return plainLen; } 
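Review bot: In the `@@ -467` hunk of wolfcrypt/src/rsa.c, `ForceZero(tmp, inLen);` covers only the exit at the bottom of wc_RsaPrivateDecrypt(). The start of the function is outside the hunk, so if there is an earlier return that frees `tmp` (for instance when unpadding fails), the decrypted block goes back to the heap unwiped on that path. Each such exit should run `ForceZero(tmp, inLen);` before its `XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);`, or the function should funnel through one cleanup label that does both.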
@@ -523,11 +529,12 @@ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, if (plainLen > (int)outLen) plainLen = BAD_FUNC_ARG; - else + else XMEMCPY(out, pad, plainLen); - XMEMSET(tmp, 0x00, inLen); + ForceZero(tmp, inLen); XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); + return plainLen; } @@ -660,11 +667,9 @@ static int rand_prime(mp_int* N, int len, RNG* rng, void* heap) } } while (res == MP_NO); -#ifdef LTC_CLEAN_STACK - XMEMSET(buf, 0, len); -#endif - + ForceZero(buf, len); XFREE(buf, heap, DYNAMIC_TYPE_RSA); + return 0; } diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index aa078640e..f4ba41cfd 100755 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -241,8 +241,8 @@ static int Transform(Sha512* sha512) sha512->digest[7] += h(0); /* Wipe variables */ - XMEMSET(W, 0, sizeof(word64) * 16); - XMEMSET(T, 0, sizeof(T)); + ForceZero(W, sizeof(word64) * 16); + ForceZero(T, sizeof(T)); #ifdef WOLFSSL_SMALL_STACK XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -448,8 +448,8 @@ static int Transform384(Sha384* sha384) sha384->digest[7] += h(0); /* Wipe variables */ - XMEMSET(W, 0, sizeof(word64) * 16); - XMEMSET(T, 0, sizeof(T)); + ForceZero(W, sizeof(word64) * 16); + ForceZero(T, sizeof(T)); #ifdef WOLFSSL_SMALL_STACK XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfssl/version.h b/wolfssl/version.h index 857cb548b..414af9bd1 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.3.4" -#define LIBWOLFSSL_VERSION_HEX 0x03003004 +#define LIBWOLFSSL_VERSION_STRING "3.4.0" +#define LIBWOLFSSL_VERSION_HEX 0x03004000 #ifdef __cplusplus } diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index 0b5075353..bee7882a6 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h 
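Review bot: In wolfcrypt/src/sha512.c the two ForceZero() calls at the end of Transform() run once per hashed block, and ForceZero() as added in misc.c stores one volatile byte at a time, so every block now pays for `sizeof(word64) * 16` plus `sizeof(T)` single-byte stores that the compiler may not merge. Transform384() has the same pair of calls. The throughput cost is worth measuring before release; if it shows, word-sized volatile stores inside ForceZero() would keep the guarantee at lower cost. A comment at the call site such as `/* wiped on every block: W and T hold message-derived state */` would record why the cost is accepted.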
@@ -48,6 +48,9 @@ void XorWords(wolfssl_word*, const wolfssl_word*, word32); WOLFSSL_LOCAL void xorbuf(void*, const void*, word32); +WOLFSSL_LOCAL +void ForceZero(const void*, word32); + #ifdef WORD64_AVAILABLE WOLFSSL_LOCAL word64 rotlFixed64(word64, word64);