#include "mbedtls/aes.h"
#include "mbedtls/md5.h"
#include "mbedtls/cipher.h"
+#include "mbedtls/platform_util.h"
#include <string.h>
#endif
#if defined(MBEDTLS_PEM_PARSE_C)
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
- volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
void mbedtls_pem_init( mbedtls_pem_context *ctx )
{
memset( ctx, 0, sizeof( mbedtls_pem_context ) );
exit:
mbedtls_md5_free( &md5_ctx );
- mbedtls_zeroize( md5sum, 16 );
+ mbedtls_platform_zeroize( md5sum, 16 );
return( ret );
}
exit:
mbedtls_des_free( &des_ctx );
- mbedtls_zeroize( des_key, 8 );
+ mbedtls_platform_zeroize( des_key, 8 );
return( ret );
}
exit:
mbedtls_des3_free( &des3_ctx );
- mbedtls_zeroize( des3_key, 24 );
+ mbedtls_platform_zeroize( des3_key, 24 );
return( ret );
}
exit:
mbedtls_aes_free( &aes_ctx );
- mbedtls_zeroize( aes_key, keylen );
+ mbedtls_platform_zeroize( aes_key, keylen );
return( ret );
}
if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
{
- mbedtls_zeroize( buf, len );
+ mbedtls_platform_zeroize( buf, len );
mbedtls_free( buf );
return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
}
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
if( pwd == NULL )
{
- mbedtls_zeroize( buf, len );
+ mbedtls_platform_zeroize( buf, len );
mbedtls_free( buf );
return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
}
* The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
* length bytes (allow 4 to be sure) in all known use cases.
*
- * Use that as heurisitic to try detecting password mismatchs.
+ * Use that as a heuristic to try to detect password mismatches.
*/
if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
{
- mbedtls_zeroize( buf, len );
+ mbedtls_platform_zeroize( buf, len );
mbedtls_free( buf );
return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
}
#else
- mbedtls_zeroize( buf, len );
+ mbedtls_platform_zeroize( buf, len );
mbedtls_free( buf );
return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
void mbedtls_pem_free( mbedtls_pem_context *ctx )
{
- if( ctx->buf != NULL )
- mbedtls_zeroize( ctx->buf, ctx->buflen );
- mbedtls_free( ctx->buf );
+ if ( ctx->buf != NULL )
+ {
+ mbedtls_platform_zeroize( ctx->buf, ctx->buflen );
+ mbedtls_free( ctx->buf );
+ }
mbedtls_free( ctx->info );
- mbedtls_zeroize( ctx, sizeof( mbedtls_pem_context ) );
+ mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) );
}
#endif /* MBEDTLS_PEM_PARSE_C */
*p++ = '\0';
*olen = p - buf;
- /* Clean any remaining data previously written to the buffer */
+ /* Clean any remaining data previously written to the buffer */
memset( buf + *olen, 0, buf_len - *olen );
mbedtls_free( encode_buf );
}
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */
+