wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 03:22:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

add ForceZero() to force memset(0)

Browse Source
This commit is contained in:
toddouska
2015-02-20 15:51:21 -08:00
parent 732a0dd39a
commit 608da64ece
15 changed files with 105 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
wolfcrypt/src/aes.c
View File

@@ -3652,8 +3652,8 @@ void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
XMEMCPY(out, A, inSz);
}
XMEMSET(A, 0, AES_BLOCK_SIZE);
XMEMSET(B, 0, AES_BLOCK_SIZE);
ForceZero(A, AES_BLOCK_SIZE);
ForceZero(B, AES_BLOCK_SIZE);
}
@@ -3752,8 +3752,8 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
result = AES_CCM_AUTH_E;
}
XMEMSET(A, 0, AES_BLOCK_SIZE);
XMEMSET(B, 0, AES_BLOCK_SIZE);
ForceZero(A, AES_BLOCK_SIZE);
ForceZero(B, AES_BLOCK_SIZE);
o = NULL;
return result;

16
wolfcrypt/src/ecc.c
View File

@@ -38,6 +38,11 @@
#include <wolfssl/wolfcrypt/aes.h>
#endif
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#include <wolfcrypt/src/misc.c>
#endif
/* map
@@ -1614,10 +1619,7 @@ int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
mp_clear(&prime);
mp_clear(&order);
#ifdef ECC_CLEAN_STACK
XMEMSET(buf, 0, ECC_MAXSIZE);
#endif
ForceZero(buf, ECC_MAXSIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@@ -2002,10 +2004,8 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
ecc_del_point(precomp[x]);
}
}
#ifdef ECC_CLEAN_STACK
XMEMSET(tA, 0, ECC_BUFSIZE);
XMEMSET(tB, 0, ECC_BUFSIZE);
#endif
ForceZero(tA, ECC_BUFSIZE);
ForceZero(tB, ECC_BUFSIZE);
XFREE(tA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tB, NULL, DYNAMIC_TYPE_TMP_BUFFER);

15
wolfcrypt/src/ecc25519.c
View File

@@ -32,6 +32,11 @@
#include <wolfssl/wolfcrypt/ecc25519.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#include <wolfcrypt/src/misc.c>
#endif
#define MONTGOMERY_X_LE 65
@@ -126,7 +131,7 @@ int wc_ecc25519_make_key(RNG* rng, int keysize, ecc25519_key* key)
key->k.point[keysize - i - 1] = n[i];
}
XMEMSET(n, 0, keysize);
ForceZero(n, keysize);
return err;
}
@@ -167,8 +172,8 @@ int wc_ecc25519_shared_secret(ecc25519_key* private_key, ecc25519_key* public_ke
err = curve25519(out , k, p);
*outlen = ECC25519_KEYSIZE;
XMEMSET(p, 0, sizeof(p));
XMEMSET(k, 0, sizeof(k));
ForceZero(p, sizeof(p));
ForceZero(k, sizeof(k));
return err;
}
@@ -301,8 +306,8 @@ void wc_ecc25519_free(ecc25519_key* key)
return;
key->dp = NULL;
XMEMSET(key->p.point, 0, sizeof(key->p.point));
XMEMSET(key->k.point, 0, sizeof(key->k.point));
ForceZero(key->p.point, sizeof(key->p.point));
ForceZero(key->k.point, sizeof(key->k.point));
}

11
wolfcrypt/src/misc.c
View File

@@ -169,5 +169,14 @@ STATIC INLINE void xorbuf(void* buf, const void* mask, word32 count)
for (i = 0; i < count; i++) b[i] ^= m[i];
}
}
#undef STATIC
/* Make sure compiler doesn't skip */
STATIC INLINE void ForceZero(const void* mem, word32 len)
{
volatile byte* z = (volatile byte*)mem;
while (len--) *z++ = 0;
}
#undef STATIC

13
wolfcrypt/src/pkcs7.c
View File

@@ -30,6 +30,11 @@
#include <wolfssl/wolfcrypt/pkcs7.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#include <wolfcrypt/src/misc.c>
#endif
#ifndef min
static INLINE word32 min(word32 a, word32 b)
@@ -1254,7 +1259,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
contentKeyEnc, &contentKeyEncSz, recip,
MAX_RECIP_SZ);
XMEMSET(contentKeyEnc, 0, MAX_ENCRYPTED_KEY_SZ);
ForceZero(contentKeyEnc, MAX_ENCRYPTED_KEY_SZ);
#ifdef WOLFSSL_SMALL_STACK
XFREE(contentKeyEnc, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1446,7 +1451,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
wc_FreeRng(&rng);
#endif
XMEMSET(contentKeyPlain, 0, MAX_CONTENT_KEY_LEN);
ForceZero(contentKeyPlain, MAX_CONTENT_KEY_LEN);
if (dynamicFlag)
XFREE(plain, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
@@ -1825,8 +1830,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
XMEMCPY(output, encryptedContent, encryptedContentSz - padLen);
/* free memory, zero out keys */
XMEMSET(encryptedKey, 0, MAX_ENCRYPTED_KEY_SZ);
XMEMSET(encryptedContent, 0, encryptedContentSz);
ForceZero(encryptedKey, MAX_ENCRYPTED_KEY_SZ);
ForceZero(encryptedContent, encryptedContentSz);
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);

10
wolfcrypt/src/random.c
View File

@@ -227,7 +227,7 @@ static int Hash_DRBG_Reseed(DRBG* drbg, const byte* entropy, word32 entropySz)
}
XMEMCPY(drbg->V, seed, sizeof(drbg->V));
XMEMSET(seed, 0, sizeof(seed));
ForceZero(seed, sizeof(seed));
if (Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V,
sizeof(drbg->V), NULL, 0) != DRBG_SUCCESS) {
@@ -304,7 +304,7 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
outSz = 0;
}
}
XMEMSET(data, 0, sizeof(data));
ForceZero(data, sizeof(data));
return DRBG_SUCCESS;
}
@@ -396,7 +396,7 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
/* Returns: DRBG_SUCCESS */
static int Hash_DRBG_Uninstantiate(DRBG* drbg)
{
XMEMSET(drbg, 0, sizeof(DRBG));
ForceZero(drbg, sizeof(DRBG));
return DRBG_SUCCESS;
}
@@ -428,7 +428,7 @@ int wc_InitRng(RNG* rng)
else
ret = DRBG_FAILURE;
XMEMSET(entropy, 0, ENTROPY_NONCE_SZ);
ForceZero(entropy, ENTROPY_NONCE_SZ);
if (ret == DRBG_SUCCESS) {
rng->status = DRBG_OK;
@@ -477,7 +477,7 @@ int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
else
ret = DRBG_FAILURE;
XMEMSET(entropy, 0, ENTROPY_SZ);
ForceZero(entropy, ENTROPY_SZ);
}
if (ret == DRBG_SUCCESS) {

19
wolfcrypt/src/rsa.c
View File

@@ -125,6 +125,11 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#include <wolfcrypt/src/misc.c>
#endif
#ifdef SHOW_GEN
#ifdef FREESCALE_MQX
@@ -467,9 +472,10 @@ int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
plainLen = BAD_FUNC_ARG;
else
XMEMCPY(out, pad, plainLen);
XMEMSET(tmp, 0x00, inLen);
ForceZero(tmp, inLen);
XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
return plainLen;
}
@@ -523,11 +529,12 @@ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
if (plainLen > (int)outLen)
plainLen = BAD_FUNC_ARG;
else
else
XMEMCPY(out, pad, plainLen);
XMEMSET(tmp, 0x00, inLen);
ForceZero(tmp, inLen);
XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
return plainLen;
}
@@ -660,11 +667,9 @@ static int rand_prime(mp_int* N, int len, RNG* rng, void* heap)
}
} while (res == MP_NO);
#ifdef LTC_CLEAN_STACK
XMEMSET(buf, 0, len);
#endif
ForceZero(buf, len);
XFREE(buf, heap, DYNAMIC_TYPE_RSA);
return 0;
}

8
wolfcrypt/src/sha512.c
View File

@@ -241,8 +241,8 @@ static int Transform(Sha512* sha512)
sha512->digest[7] += h(0);
/* Wipe variables */
XMEMSET(W, 0, sizeof(word64) * 16);
XMEMSET(T, 0, sizeof(T));
ForceZero(W, sizeof(word64) * 16);
ForceZero(T, sizeof(T));
#ifdef WOLFSSL_SMALL_STACK
XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -448,8 +448,8 @@ static int Transform384(Sha384* sha384)
sha384->digest[7] += h(0);
/* Wipe variables */
XMEMSET(W, 0, sizeof(word64) * 16);
XMEMSET(T, 0, sizeof(T));
ForceZero(W, sizeof(word64) * 16);
ForceZero(T, sizeof(T));
#ifdef WOLFSSL_SMALL_STACK
XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);