Use plain memset() for freshly allocated objects

This commits reverts to plain memset() for cases like:

    some_type foo;
    memset( &foo, 0, sizeof( foo ) );

(Sometimes there is code between declaration in memset(), but it doesn't
matter as long as it doesn't touch foo.)

The reasoning is the same as in the previous commit: the stack shouldn't
contain sensitive data as we carefully wipe it after use.
This commit is contained in:
Manuel Pégourié-Gonnard 2019-10-03 11:06:55 +02:00
parent 994193326b
commit 54526c3c89
7 changed files with 7 additions and 7 deletions

View File

@ -391,7 +391,7 @@ int mbedtls_asn1_get_alg_null( unsigned char **p,
int ret; int ret;
mbedtls_asn1_buf params; mbedtls_asn1_buf params;
mbedtls_platform_memset( &params, 0, sizeof(mbedtls_asn1_buf) ); memset( &params, 0, sizeof(mbedtls_asn1_buf) );
if( ( ret = mbedtls_asn1_get_alg( p, end, alg, &params ) ) != 0 ) if( ( ret = mbedtls_asn1_get_alg( p, end, alg, &params ) ) != 0 )
return( ret ); return( ret );

View File

@ -211,7 +211,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
/* Start CBC-MAC with first block */ /* Start CBC-MAC with first block */
mbedtls_platform_memset( y, 0, 16 ); memset( y, 0, 16 );
UPDATE_CBC_MAC; UPDATE_CBC_MAC;
/* /*

View File

@ -370,7 +370,7 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
} }
while( ! done ); while( ! done );
mbedtls_platform_memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
/* /*

View File

@ -178,7 +178,7 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
} }
} }
mbedtls_platform_memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT ); memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT );
/* IV. Gather entropy_len bytes of entropy for the seed */ /* IV. Gather entropy_len bytes of entropy for the seed */
if( ( ret = ctx->f_entropy( ctx->p_entropy, if( ( ret = ctx->f_entropy( ctx->p_entropy,

View File

@ -3376,7 +3376,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
const size_t max_len = rec->data_len + padlen; const size_t max_len = rec->data_len + padlen;
const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0; const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0;
mbedtls_platform_memset( tmp, 0, sizeof( tmp ) ); memset( tmp, 0, sizeof( tmp ) );
switch( mbedtls_md_get_type( switch( mbedtls_md_get_type(
mbedtls_md_get_handle( &transform->md_ctx_dec ) ) ) mbedtls_md_get_handle( &transform->md_ctx_dec ) ) )

View File

@ -943,7 +943,7 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn )
const char *short_name = NULL; const char *short_name = NULL;
char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p; char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
mbedtls_platform_memset( s, 0, sizeof( s ) ); memset( s, 0, sizeof( s ) );
name = dn; name = dn;
p = buf; p = buf;

View File

@ -2271,7 +2271,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
p = buf; p = buf;
n = size; n = size;
mbedtls_platform_memset( &sig_info, 0, sizeof( mbedtls_x509_crt_sig_info ) ); memset( &sig_info, 0, sizeof( mbedtls_x509_crt_sig_info ) );
mbedtls_pk_init( &pk ); mbedtls_pk_init( &pk );
if( NULL == crt ) if( NULL == crt )