From 54526c3c89722842f590ebb568f8c3ebbe5dbc7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 3 Oct 2019 11:06:55 +0200 Subject: [PATCH] Use plain memset() for freshly allocated objects This commits reverts to plain memset() for cases like: some_type foo; memset( &foo, 0, sizeof( foo ) ); (Sometimes there is code between declaration in memset(), but it doesn't matter as long as it doesn't touch foo.) The reasoning is the same as in the previous commit: the stack shouldn't contain sensitive data as we carefully wipe it after use. --- library/asn1parse.c | 2 +- library/ccm.c | 2 +- library/entropy.c | 2 +- library/hmac_drbg.c | 2 +- library/ssl_tls.c | 2 +- library/x509.c | 2 +- library/x509_crt.c | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/library/asn1parse.c b/library/asn1parse.c index ac3943adf..990ae3862 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -391,7 +391,7 @@ int mbedtls_asn1_get_alg_null( unsigned char **p, int ret; mbedtls_asn1_buf params; - mbedtls_platform_memset( ¶ms, 0, sizeof(mbedtls_asn1_buf) ); + memset( ¶ms, 0, sizeof(mbedtls_asn1_buf) ); if( ( ret = mbedtls_asn1_get_alg( p, end, alg, ¶ms ) ) != 0 ) return( ret ); diff --git a/library/ccm.c b/library/ccm.c index 925808238..f6a751c82 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -211,7 +211,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, /* Start CBC-MAC with first block */ - mbedtls_platform_memset( y, 0, 16 ); + memset( y, 0, 16 ); UPDATE_CBC_MAC; /* diff --git a/library/entropy.c b/library/entropy.c index 8f287334a..281ed23c3 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -370,7 +370,7 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) } while( ! done ); - mbedtls_platform_memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) /* diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 9d26a735b..03c7d67f7 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -178,7 +178,7 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx, } } - mbedtls_platform_memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT ); + memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT ); /* IV. Gather entropy_len bytes of entropy for the seed */ if( ( ret = ctx->f_entropy( ctx->p_entropy, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ddc58a493..e9102a761 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3376,7 +3376,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, const size_t max_len = rec->data_len + padlen; const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0; - mbedtls_platform_memset( tmp, 0, sizeof( tmp ) ); + memset( tmp, 0, sizeof( tmp ) ); switch( mbedtls_md_get_type( mbedtls_md_get_handle( &transform->md_ctx_dec ) ) ) diff --git a/library/x509.c b/library/x509.c index 33dc0b90e..4b3448639 100644 --- a/library/x509.c +++ b/library/x509.c @@ -943,7 +943,7 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ) const char *short_name = NULL; char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p; - mbedtls_platform_memset( s, 0, sizeof( s ) ); + memset( s, 0, sizeof( s ) ); name = dn; p = buf; diff --git a/library/x509_crt.c b/library/x509_crt.c index 5919303cd..b7d1036de 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2271,7 +2271,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, p = buf; n = size; - mbedtls_platform_memset( &sig_info, 0, sizeof( mbedtls_x509_crt_sig_info ) ); + memset( &sig_info, 0, sizeof( mbedtls_x509_crt_sig_info ) ); mbedtls_pk_init( &pk ); if( NULL == crt )