From 614d9c06677dfac460e60208c8e7fefcbacd9505 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 21:27:43 +0100 Subject: [PATCH 01/38] Add a utils.h file that contains common functions The new header contains common information across various mbed TLS modules and avoids code duplication. To start, utils.h currently only contains the mbedtls_zeroize() function. --- include/mbedtls/utils.h | 39 +++++++++++++++++++++++++++++++++++++++ library/CMakeLists.txt | 1 + library/Makefile | 3 ++- library/utils.c | 33 +++++++++++++++++++++++++++++++++ 4 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 include/mbedtls/utils.h create mode 100644 library/utils.c diff --git a/include/mbedtls/utils.h b/include/mbedtls/utils.h new file mode 100644 index 000000000..61b1b76c0 --- /dev/null +++ b/include/mbedtls/utils.h @@ -0,0 +1,39 @@ +/** + * \file utils.h + * + * \brief mbed TLS utility functions + * + * Copyright (C) 2017, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#ifndef MBEDTLS_UTILS_H +#define MBEDTLS_UTILS_H + +#include + +/** + * \brief Securely zeroize a buffer + * + * \param buf Buffer to be zeroized + * \param len Length of the buffer in bytes + * + * \note This implementation should never be optimized out by the + * compiler + */ +void mbedtls_zeroize( void *buf, size_t len ); + +#endif /* MBEDTLS_UTILS_H */ diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 7742c22d2..24a2484a3 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -57,6 +57,7 @@ set(src_crypto version.c version_features.c xtea.c + utils.c ) set(src_x509 diff --git a/library/Makefile b/library/Makefile index 0333815f0..46dce4e6f 100644 --- a/library/Makefile +++ b/library/Makefile @@ -65,7 +65,8 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ ripemd160.o rsa_internal.o rsa.o \ sha1.o sha256.o sha512.o \ threading.o timing.o version.o \ - version_features.o xtea.o + version_features.o xtea.o \ + utils.o OBJS_X509= certs.o pkcs11.o x509.o \ x509_create.o x509_crl.o x509_crt.o \ diff --git a/library/utils.c b/library/utils.c new file mode 100644 index 000000000..f943cb1c6 --- /dev/null +++ b/library/utils.c @@ -0,0 +1,33 @@ +/* + * mbedtls utility functions + * + * Copyright (C) 2017, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#include "mbedtls/utils.h" + +#include + +/* This implementation should never be optimized out by the compiler */ +void mbedtls_zeroize( void *buf, size_t len ) +{ + volatile unsigned char *p = (unsigned char *)buf; + + while( len-- ) + *p++ = 0; +} From 5ab74a1401f2b2ceb6b59276681359ecc6d4d7da Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 21:10:45 +0100 Subject: [PATCH 02/38] Add programs/test/zeroize.c to test mbedtls_zeroize The idea is to use the simple program that is expected to be modified rarely to set a breakpoint in a specific line and check that the function mbedtls_zeroize() does actually set the buffer to 0 and is not optimised out by the compiler. --- programs/.gitignore | 1 + programs/Makefile | 5 ++ programs/test/CMakeLists.txt | 5 +- programs/test/zeroize.c | 91 ++++++++++++++++++++++++++++++++++++ 4 files changed, 101 insertions(+), 1 deletion(-) create mode 100644 programs/test/zeroize.c diff --git a/programs/.gitignore b/programs/.gitignore index 27055b829..ddfa1a426 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -47,6 +47,7 @@ test/ecp-bench test/selftest test/ssl_cert_test test/udp_proxy +test/zeroize util/pem2der util/strerror x509/cert_app diff --git a/programs/Makefile b/programs/Makefile index 25f184f8c..4e659d485 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -67,6 +67,7 @@ APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ random/gen_random_ctr_drbg$(EXEXT) \ test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \ test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \ + test/zeroize$(EXEXT) \ util/pem2der$(EXEXT) util/strerror$(EXEXT) \ x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \ x509/cert_req$(EXEXT) x509/cert_write$(EXEXT) \ @@ -249,6 +250,10 @@ test/udp_proxy$(EXEXT): test/udp_proxy.c $(DEP) echo " CC test/udp_proxy.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/udp_proxy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/zeroize$(EXEXT): test/zeroize.c $(DEP) + echo " CC test/zeroize.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + util/pem2der$(EXEXT): util/pem2der.c $(DEP) echo " CC util/pem2der.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/pem2der.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 0ed714546..1e87fca31 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -22,6 +22,9 @@ target_link_libraries(ssl_cert_test ${libs}) add_executable(udp_proxy udp_proxy.c) target_link_libraries(udp_proxy ${libs}) -install(TARGETS selftest benchmark ssl_cert_test udp_proxy +add_executable(zeroize zeroize.c) +target_link_libraries(zeroize ${libs}) + +install(TARGETS selftest benchmark ssl_cert_test udp_proxy zeroize DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c new file mode 100644 index 000000000..7f3e8b401 --- /dev/null +++ b/programs/test/zeroize.c @@ -0,0 +1,91 @@ +/* + * Zeroize demonstration program + * + * Copyright (C) 2017, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_printf printf +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif + +#include "mbedtls/utils.h" + +#define BUFFER_LEN 1024 + +void usage( void ) +{ + mbedtls_printf( "Zeroize is a simple program to assist with testing\n" ); + mbedtls_printf( "the mbedtls_zeroize() function by using the\n" ); + mbedtls_printf( "debugger. This program takes a file as input and\n" ); + mbedtls_printf( "prints the first %d characters. Usage:\n\n", BUFFER_LEN ); + mbedtls_printf( " zeroize \n" ); +} + +int main( int argc, char** argv ) +{ + int exit_code = MBEDTLS_EXIT_FAILURE; + FILE * fp; + char buf[BUFFER_LEN]; + char *p = buf; + char *end = p + BUFFER_LEN; + char c; + + if( argc != 2 ) + { + mbedtls_printf( "This program takes exactly 1 agument\n" ); + usage(); + return( exit_code ); + } + + fp = fopen( argv[1], "r" ); + if( fp == NULL ) + { + mbedtls_printf( "Could not open file '%s'\n", argv[1] ); + return( exit_code ); + } + + while( ( c = fgetc( fp ) ) != EOF && p < end - 1 ) + *p++ = c; + *p = '\0'; + + if( p - buf != 0 ) + { + mbedtls_printf( "%s\n", buf ); + mbedtls_zeroize( buf, sizeof( buf ) ); + exit_code = MBEDTLS_EXIT_SUCCESS; + } + else + mbedtls_printf( "The file is empty!\n" ); + + fclose( fp ); + + return( exit_code ); +} From ddebc49f286e3fa789fefd178604a7c213e8a159 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 22:16:34 +0100 Subject: [PATCH 03/38] Add gdb script to test mbedtls_zeroize() The gdb script loads the programs/test/zeroize program and feeds it as imput its own source code. Then sets a breakpoint just before the last program's return code and checks that every element in memory was zeroized. Otherwise it signals a failure and terminates. The test was added to all.sh. --- tests/scripts/all.sh | 2 +- tests/scripts/test_zeroize.gdb | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 tests/scripts/test_zeroize.gdb diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 497a261c4..81ab2ca90 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -421,7 +421,7 @@ export GNUTLS_SERV="$GNUTLS_SERV" # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ - "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" + "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" "gdb" if [ $RUN_ARMCC -ne 0 ]; then check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" fi diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb new file mode 100644 index 000000000..52b7cda7f --- /dev/null +++ b/tests/scripts/test_zeroize.gdb @@ -0,0 +1,25 @@ +set confirm off +file ./programs/test/zeroize +break zeroize.c:90 + +set args ./programs/test/zeroize.c +run + +set $i = 0 +set $len = sizeof(buf) +set $buf = buf + +if exit_code != 0 + echo The program did not terminate correctly\n + quit 1 +end + +while $i < $len + if $buf[$i++] != 0 + echo The buffer at was not zeroized\n + quit 1 + end +end + +echo The buffer was correctly zeroized\n +quit 0 From 9a65b1de2a7b986ea91bdba07f4d437c9539b1a1 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 22:30:29 +0100 Subject: [PATCH 04/38] Add utils.h ChangeLog entry --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 9ee82c685..7e915e710 100644 --- a/ChangeLog +++ b/ChangeLog @@ -286,6 +286,11 @@ New deprecations from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin() accepting DHM parameters in binary form, matching the new constants. +API Changes + * Create a new header utils.h that contains functionality shared by multiple + mbed TLS modules. At this stage utils.h (and its associated utils.c) only + contain mbedtls_zeroize(). + Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. From c6b0abd5a6e3cac8c6b16154dadebd505727a17b Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 22:35:13 +0100 Subject: [PATCH 05/38] Fix alignment of Makefiles --- programs/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/Makefile b/programs/Makefile index 4e659d485..080e82d88 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -67,7 +67,7 @@ APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ random/gen_random_ctr_drbg$(EXEXT) \ test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \ test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \ - test/zeroize$(EXEXT) \ + test/zeroize$(EXEXT) \ util/pem2der$(EXEXT) util/strerror$(EXEXT) \ x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \ x509/cert_req$(EXEXT) x509/cert_write$(EXEXT) \ From f2d17929c032109f86933e6d677732084893f9bd Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 22:47:14 +0100 Subject: [PATCH 06/38] Document test_zeroize.gdb script --- tests/scripts/test_zeroize.gdb | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 52b7cda7f..15b8b09b3 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -1,3 +1,20 @@ +# test_zeroize.gdb +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2017, ARM Limited, All Rights Reserved +# +# Purpose +# +# Run a test using the debugger to check that the mbedtls_zeroize() function in +# utils.h is not being optimized out by the compiler. To do so, the script +# loads the test program at programs/test/zeroize.c and sets a breakpoint at +# the last return statement in the main(). When the breakpoint is hit, the +# debugger manually checks the contents to be zeroized and checks that it is +# actually cleared. +# +# Note: This test requires that the test program is compiled with -g3. + set confirm off file ./programs/test/zeroize break zeroize.c:90 From d0d7bf614eb82db6cdbc7551dd05cb3cd9cfbb54 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 25 Oct 2017 09:01:31 +0100 Subject: [PATCH 07/38] Add gdb zeroize test when compiling with clang --- tests/scripts/all.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 81ab2ca90..f45062818 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -907,6 +907,16 @@ make test cd "$MBEDTLS_ROOT_DIR" rm -rf "$OUT_OF_SOURCE_DIR" +msg "test: gcc, mbedtls_zeroize()" +cleanup +CC=gcc DEBUG=1 make programs +gdb -x tests/scripts/test_zeroize.gdb + +msg "test: clang, mbedtls_zeroize()" +cleanup +CC=clang DEBUG=1 make programs +gdb -x tests/scripts/test_zeroize.gdb + ################################################################ From e32df087fb3193dbb2689354492a11464db3adb0 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 25 Oct 2017 09:37:04 +0100 Subject: [PATCH 08/38] Remove individual copies of mbedtls_zeroize() This commit removes all the static occurrencies of the function mbedtls_zeroize() in each of the individual .c modules. Instead the function has been moved to utils.h that is included in each of the modules. --- library/aes.c | 6 +----- library/arc4.c | 6 +----- library/asn1parse.c | 6 +----- library/blowfish.c | 6 +----- library/camellia.c | 6 +----- library/ccm.c | 6 +----- library/cipher.c | 6 +----- library/cmac.c | 6 +----- library/ctr_drbg.c | 6 +----- library/des.c | 6 +----- library/dhm.c | 5 +---- library/ecp.c | 6 +----- library/entropy.c | 6 +----- library/gcm.c | 6 +----- library/havege.c | 6 +----- library/hmac_drbg.c | 6 +----- library/md.c | 6 +----- library/md2.c | 6 +----- library/md4.c | 6 +----- library/md5.c | 6 +----- library/memory_buffer_alloc.c | 6 +----- library/pem.c | 6 +----- library/pk.c | 7 ++----- library/pk_wrap.c | 11 ++++------- library/pkcs12.c | 6 +----- library/pkparse.c | 9 +-------- library/ripemd160.c | 6 +----- library/rsa.c | 6 +----- library/sha1.c | 6 +----- library/sha256.c | 6 +----- library/sha512.c | 6 +----- library/ssl_cli.c | 5 +---- library/ssl_cookie.c | 6 +----- library/ssl_srv.c | 5 +---- library/ssl_ticket.c | 6 +----- library/ssl_tls.c | 6 +----- library/x509_crl.c | 6 +----- library/x509_crt.c | 6 +----- library/x509_csr.c | 6 +----- library/x509write_crt.c | 6 +----- library/x509write_csr.c | 6 +----- library/xtea.c | 6 +----- 42 files changed, 46 insertions(+), 212 deletions(-) diff --git a/library/aes.c b/library/aes.c index da94b1943..797e00fa3 100644 --- a/library/aes.c +++ b/library/aes.c @@ -36,6 +36,7 @@ #include #include "mbedtls/aes.h" +#include "mbedtls/utils.h" #if defined(MBEDTLS_PADLOCK_C) #include "mbedtls/padlock.h" #endif @@ -54,11 +55,6 @@ #if !defined(MBEDTLS_AES_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (little endian) */ diff --git a/library/arc4.c b/library/arc4.c index 05b33d3fd..a6d2d4ef3 100644 --- a/library/arc4.c +++ b/library/arc4.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_ARC4_C) #include "mbedtls/arc4.h" +#include "mbedtls/utils.h" #include @@ -47,11 +48,6 @@ #if !defined(MBEDTLS_ARC4_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - void mbedtls_arc4_init( mbedtls_arc4_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_arc4_context ) ); diff --git a/library/asn1parse.c b/library/asn1parse.c index 4dd65c03c..10ec3d8cb 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_ASN1_PARSE_C) #include "mbedtls/asn1.h" +#include "mbedtls/utils.h" #include @@ -43,11 +44,6 @@ #define mbedtls_free free #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * ASN.1 DER decoding routines */ diff --git a/library/blowfish.c b/library/blowfish.c index 9003f0dfe..59c579888 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -34,16 +34,12 @@ #if defined(MBEDTLS_BLOWFISH_C) #include "mbedtls/blowfish.h" +#include "mbedtls/utils.h" #include #if !defined(MBEDTLS_BLOWFISH_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ diff --git a/library/camellia.c b/library/camellia.c index ac6f96a83..b2115c4a6 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_CAMELLIA_C) #include "mbedtls/camellia.h" +#include "mbedtls/utils.h" #include @@ -48,11 +49,6 @@ #if !defined(MBEDTLS_CAMELLIA_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ diff --git a/library/ccm.c b/library/ccm.c index 9101e5f7c..a7a2cc446 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -37,6 +37,7 @@ #if defined(MBEDTLS_CCM_C) #include "mbedtls/ccm.h" +#include "mbedtls/utils.h" #include @@ -51,11 +52,6 @@ #if !defined(MBEDTLS_CCM_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - #define CCM_ENCRYPT 0 #define CCM_DECRYPT 1 diff --git a/library/cipher.c b/library/cipher.c index 7369f4823..1b2e569cb 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -33,6 +33,7 @@ #include "mbedtls/cipher.h" #include "mbedtls/cipher_internal.h" +#include "mbedtls/utils.h" #include #include @@ -60,11 +61,6 @@ #define MBEDTLS_CIPHER_MODE_STREAM #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - static int supported_init = 0; const int *mbedtls_cipher_list( void ) diff --git a/library/cmac.c b/library/cmac.c index a4a2106f2..54ad84340 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -49,6 +49,7 @@ #if defined(MBEDTLS_CMAC_C) #include "mbedtls/cmac.h" +#include "mbedtls/utils.h" #include @@ -67,11 +68,6 @@ #if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * Multiplication by u in the Galois field of GF(2^n) * diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index ff532a013..ae6d62f34 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/ctr_drbg.h" +#include "mbedtls/utils.h" #include @@ -49,11 +50,6 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * CTR_DRBG context initialization */ diff --git a/library/des.c b/library/des.c index 09f95cfc3..863a80c48 100644 --- a/library/des.c +++ b/library/des.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_DES_C) #include "mbedtls/des.h" +#include "mbedtls/utils.h" #include @@ -48,11 +49,6 @@ #if !defined(MBEDTLS_DES_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ diff --git a/library/dhm.c b/library/dhm.c index 28ac31003..5e510de2d 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -36,6 +36,7 @@ #if defined(MBEDTLS_DHM_C) #include "mbedtls/dhm.h" +#include "mbedtls/utils.h" #include @@ -58,10 +59,6 @@ #endif #if !defined(MBEDTLS_DHM_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} /* * helper to validate the mbedtls_mpi size and import it diff --git a/library/ecp.c b/library/ecp.c index 92a188b66..a2a122518 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -51,6 +51,7 @@ #include "mbedtls/ecp.h" #include "mbedtls/threading.h" +#include "mbedtls/utils.h" #include @@ -73,11 +74,6 @@ #define inline __inline #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - #if defined(MBEDTLS_SELF_TEST) /* * Counts of point addition and doubling, and field multiplications. diff --git a/library/entropy.c b/library/entropy.c index e17512e77..37fdf3a9a 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -35,6 +35,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/entropy_poll.h" +#include "mbedtls/utils.h" #include @@ -59,11 +60,6 @@ #include "mbedtls/havege.h" #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - #define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) diff --git a/library/gcm.c b/library/gcm.c index 294a86d3d..39e8dd3f2 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -38,6 +38,7 @@ #if defined(MBEDTLS_GCM_C) #include "mbedtls/gcm.h" +#include "mbedtls/utils.h" #include @@ -80,11 +81,6 @@ } #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Initialize a context */ diff --git a/library/havege.c b/library/havege.c index 2b75ef7bd..c9bb64dc1 100644 --- a/library/havege.c +++ b/library/havege.c @@ -36,14 +36,10 @@ #include "mbedtls/havege.h" #include "mbedtls/timing.h" +#include "mbedtls/utils.h" #include -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* ------------------------------------------------------------------------ * On average, one iteration accesses two 8-word blocks in the havege WALK * table, and generates 16 words in the RES array. diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 24c609e9c..1ef819d86 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_HMAC_DRBG_C) #include "mbedtls/hmac_drbg.h" +#include "mbedtls/utils.h" #include @@ -50,11 +51,6 @@ #endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_PLATFORM_C */ -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * HMAC_DRBG context initialization */ diff --git a/library/md.c b/library/md.c index 00249af78..c54ae85a9 100644 --- a/library/md.c +++ b/library/md.c @@ -33,6 +33,7 @@ #include "mbedtls/md.h" #include "mbedtls/md_internal.h" +#include "mbedtls/utils.h" #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -48,11 +49,6 @@ #include #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Reminder: update profiles in x509_crt.c when adding a new hash! */ diff --git a/library/md2.c b/library/md2.c index b88aa406a..37e35dc58 100644 --- a/library/md2.c +++ b/library/md2.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_MD2_C) #include "mbedtls/md2.h" +#include "mbedtls/utils.h" #include @@ -48,11 +49,6 @@ #if !defined(MBEDTLS_MD2_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - static const unsigned char PI_SUBST[256] = { 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36, diff --git a/library/md4.c b/library/md4.c index ba704f58e..a98d0a853 100644 --- a/library/md4.c +++ b/library/md4.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_MD4_C) #include "mbedtls/md4.h" +#include "mbedtls/utils.h" #include @@ -48,11 +49,6 @@ #if !defined(MBEDTLS_MD4_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (little endian) */ diff --git a/library/md5.c b/library/md5.c index 8440ebffc..f439a73ba 100644 --- a/library/md5.c +++ b/library/md5.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_MD5_C) #include "mbedtls/md5.h" +#include "mbedtls/utils.h" #include @@ -47,11 +48,6 @@ #if !defined(MBEDTLS_MD5_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (little endian) */ diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 821ae2c70..68f094b3d 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -31,6 +31,7 @@ /* No need for the header guard as MBEDTLS_MEMORY_BUFFER_ALLOC_C is dependent upon MBEDTLS_PLATFORM_C */ #include "mbedtls/platform.h" +#include "mbedtls/utils.h" #include @@ -42,11 +43,6 @@ #include "mbedtls/threading.h" #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - #define MAGIC1 0xFF00AA55 #define MAGIC2 0xEE119966 #define MAX_BT 20 diff --git a/library/pem.c b/library/pem.c index 13f920869..527c5f44b 100644 --- a/library/pem.c +++ b/library/pem.c @@ -33,6 +33,7 @@ #include "mbedtls/aes.h" #include "mbedtls/md5.h" #include "mbedtls/cipher.h" +#include "mbedtls/utils.h" #include @@ -45,11 +46,6 @@ #endif #if defined(MBEDTLS_PEM_PARSE_C) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - void mbedtls_pem_init( mbedtls_pem_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_pem_context ) ); diff --git a/library/pk.c b/library/pk.c index b52c73fbc..bd3e4275d 100644 --- a/library/pk.c +++ b/library/pk.c @@ -29,6 +29,8 @@ #include "mbedtls/pk.h" #include "mbedtls/pk_internal.h" +#include "mbedtls/utils.h" + #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" #endif @@ -42,11 +44,6 @@ #include #include -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Initialise a mbedtls_pk_context */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 5446e2350..2e0971110 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -41,6 +41,10 @@ #include "mbedtls/ecdsa.h" #endif +#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) +#include "mbedtls/utils.h" +#endif + #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else @@ -52,13 +56,6 @@ #include #include -#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} -#endif - #if defined(MBEDTLS_RSA_C) static int rsa_can_do( mbedtls_pk_type_t type ) { diff --git a/library/pkcs12.c b/library/pkcs12.c index c603a1357..98b8324a9 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -36,6 +36,7 @@ #include "mbedtls/pkcs12.h" #include "mbedtls/asn1.h" #include "mbedtls/cipher.h" +#include "mbedtls/utils.h" #include @@ -47,11 +48,6 @@ #include "mbedtls/des.h" #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params, mbedtls_asn1_buf *salt, int *iterations ) { diff --git a/library/pkparse.c b/library/pkparse.c index 5ad5edf84..093ef5817 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -30,6 +30,7 @@ #include "mbedtls/pk.h" #include "mbedtls/asn1.h" #include "mbedtls/oid.h" +#include "mbedtls/utils.h" #include @@ -60,14 +61,6 @@ #define mbedtls_free free #endif -#if defined(MBEDTLS_FS_IO) || \ - defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} -#endif - #if defined(MBEDTLS_FS_IO) /* * Load all data from a file into a given buffer. diff --git a/library/ripemd160.c b/library/ripemd160.c index 2ba48b7fd..6cf027f8d 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_RIPEMD160_C) #include "mbedtls/ripemd160.h" +#include "mbedtls/utils.h" #include @@ -71,11 +72,6 @@ } #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) ); diff --git a/library/rsa.c b/library/rsa.c index 218504086..9e4a0f08f 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -48,6 +48,7 @@ #include "mbedtls/rsa.h" #include "mbedtls/rsa_internal.h" #include "mbedtls/oid.h" +#include "mbedtls/utils.h" #include @@ -70,11 +71,6 @@ #if !defined(MBEDTLS_RSA_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - #if defined(MBEDTLS_PKCS1_V15) /* constant-time buffer comparison */ static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n ) diff --git a/library/sha1.c b/library/sha1.c index 1f29a0fbf..a7577b4ef 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_SHA1_C) #include "mbedtls/sha1.h" +#include "mbedtls/utils.h" #include @@ -47,11 +48,6 @@ #if !defined(MBEDTLS_SHA1_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ diff --git a/library/sha256.c b/library/sha256.c index f39bcbab6..c92f2804c 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_SHA256_C) #include "mbedtls/sha256.h" +#include "mbedtls/utils.h" #include @@ -50,11 +51,6 @@ #if !defined(MBEDTLS_SHA256_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ diff --git a/library/sha512.c b/library/sha512.c index 97cee07c5..e8d1b69c6 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_SHA512_C) #include "mbedtls/sha512.h" +#include "mbedtls/utils.h" #if defined(_MSC_VER) || defined(__WATCOMC__) #define UL64(x) x##ui64 @@ -56,11 +57,6 @@ #if !defined(MBEDTLS_SHA512_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * 64-bit integer manipulation macros (big endian) */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 738014e9e..8ab9886a5 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -48,10 +48,7 @@ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} +#include "mbedtls/utils.h" #endif #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index caf119990..ec0814a2e 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -40,14 +40,10 @@ #include "mbedtls/ssl_cookie.h" #include "mbedtls/ssl_internal.h" +#include "mbedtls/utils.h" #include -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is * available. Try SHA-256 first, 512 wastes resources since we need to stay diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 2c180f13f..b4934a3a6 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -50,10 +50,7 @@ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} +#include "mbedtls/utils.h" #endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 4d9116d21..9e2276d2e 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -36,14 +36,10 @@ #endif #include "mbedtls/ssl_ticket.h" +#include "mbedtls/utils.h" #include -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Initialze context */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e8063d2c1..84f9c77ac 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -46,6 +46,7 @@ #include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" +#include "mbedtls/utils.h" #include @@ -53,11 +54,6 @@ #include "mbedtls/oid.h" #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* Length of the "epoch" field in the record header */ static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) { diff --git a/library/x509_crl.c b/library/x509_crl.c index b0f39d428..09c7ac318 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -39,6 +39,7 @@ #include "mbedtls/x509_crl.h" #include "mbedtls/oid.h" +#include "mbedtls/utils.h" #include @@ -66,11 +67,6 @@ #include #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Version ::= INTEGER { v1(0), v2(1) } */ diff --git a/library/x509_crt.c b/library/x509_crt.c index afff4e18b..c9969a80d 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -41,6 +41,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/oid.h" +#include "mbedtls/utils.h" #include #include @@ -90,11 +91,6 @@ typedef struct { */ #define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Default profile */ diff --git a/library/x509_csr.c b/library/x509_csr.c index 26a06db4f..8a74db85f 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -39,6 +39,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/oid.h" +#include "mbedtls/utils.h" #include @@ -60,11 +61,6 @@ #include #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Version ::= INTEGER { v1(0) } */ diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 41dfe87b7..dee77b841 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -37,6 +37,7 @@ #include "mbedtls/oid.h" #include "mbedtls/asn1write.h" #include "mbedtls/sha1.h" +#include "mbedtls/utils.h" #include @@ -44,11 +45,6 @@ #include "mbedtls/pem.h" #endif /* MBEDTLS_PEM_WRITE_C */ -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ) { memset( ctx, 0, sizeof( mbedtls_x509write_cert ) ); diff --git a/library/x509write_csr.c b/library/x509write_csr.c index e80053828..482e65eb7 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -35,6 +35,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/oid.h" #include "mbedtls/asn1write.h" +#include "mbedtls/utils.h" #include #include @@ -43,11 +44,6 @@ #include "mbedtls/pem.h" #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) { memset( ctx, 0, sizeof( mbedtls_x509write_csr ) ); diff --git a/library/xtea.c b/library/xtea.c index fe0a3509f..65b416545 100644 --- a/library/xtea.c +++ b/library/xtea.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_XTEA_C) #include "mbedtls/xtea.h" +#include "mbedtls/utils.h" #include @@ -42,11 +43,6 @@ #if !defined(MBEDTLS_XTEA_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ From b1262a3bdb5ae7e478a04ec44143fbb4d9e9d16c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 25 Oct 2017 09:51:14 +0100 Subject: [PATCH 09/38] Allow compile-time alternate to mbedtls_zeroize() Add a new macro MBEDTLS_UTILS_ZEROIZE that allows users to configure mbedtls_zeroize() to an alternative definition when defined. If the macro is not defined, then mbed TLS will use the default definition of the function. --- include/mbedtls/config.h | 8 ++++++++ library/utils.c | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 9585e6922..8c35b86cd 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2852,6 +2852,14 @@ */ #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE +/** + * \def MBEDTLS_UTILS_ZEROIZE_ALT + * + * Uncomment the macro to let mbed TLS use your alternate implementation of + * mbedtls_zeroize(). + */ +//#define MBEDTLS_UTILS_ZEROIZE_ALT + /* \} name SECTION: Customisation configuration options */ /* Target and application specific configurations */ diff --git a/library/utils.c b/library/utils.c index f943cb1c6..3819558f4 100644 --- a/library/utils.c +++ b/library/utils.c @@ -19,10 +19,17 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "mbedtls/utils.h" #include +#if !defined(MBEDTLS_UTILS_ZEROIZE_ALT) /* This implementation should never be optimized out by the compiler */ void mbedtls_zeroize( void *buf, size_t len ) { @@ -31,3 +38,4 @@ void mbedtls_zeroize( void *buf, size_t len ) while( len-- ) *p++ = 0; } +#endif /* MBEDTLS_UTILS_ZEROIZE_ALT */ From 24768bfa370ad72ccd4fda6c74bccc5dc158546f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 25 Oct 2017 10:33:25 +0100 Subject: [PATCH 10/38] Improve test_zeroize.gdb breakpoint Improve the position of the breakpoint to be set at a line of code that is less likely to be optimised out by the compiler. Setting the breakpoint at a place that can be easily optimised out by the compiler will cause the gdb script to fail as it cannot match the source code line to the compiled code. For this reason the breakpoint is now set at the fclose() call which is very unlikely to be optimised out or there might be a resource leak. --- tests/scripts/test_zeroize.gdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 15b8b09b3..e0b1ac5b5 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -17,7 +17,7 @@ set confirm off file ./programs/test/zeroize -break zeroize.c:90 +break zeroize.c:88 set args ./programs/test/zeroize.c run From 2967381ccdadfc2f84e2da8b3072bc993e4e2e7e Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 25 Oct 2017 10:35:51 +0100 Subject: [PATCH 11/38] Extend zeroize tests to multiple optimizations Extend the all.sh test to cover multiple compiler optimization levels. At the momment, the test is run using gcc and clang. --- tests/scripts/all.sh | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f45062818..53f2a93de 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -907,15 +907,14 @@ make test cd "$MBEDTLS_ROOT_DIR" rm -rf "$OUT_OF_SOURCE_DIR" -msg "test: gcc, mbedtls_zeroize()" -cleanup -CC=gcc DEBUG=1 make programs -gdb -x tests/scripts/test_zeroize.gdb - -msg "test: clang, mbedtls_zeroize()" -cleanup -CC=clang DEBUG=1 make programs -gdb -x tests/scripts/test_zeroize.gdb +for optimization_flag in -O2 -O3 -Ofast -Os; do + for compiler in clang gcc; do + msg "test: $compiler $optimization_flag, mbedtls_zeroize()" + cleanup + CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" make programs + gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx + done +done From ecd1891c5128b5293138c3f350b6e68bce5ca579 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 26 Oct 2017 22:43:41 +0100 Subject: [PATCH 12/38] Change mbedtls_zeroize() to prevent optimizations Change mbedtls_zeroize() implementation to use memset() instead of a custom implementation for performance reasons. Furthermore, we would also like to prevent as much as we can compiler optimisations that remove zeroization code. The implementation of mbedtls_zeroize() now uses a volatile function pointer to memset() as suggested by Colin Percival at: http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html --- library/utils.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/library/utils.c b/library/utils.c index 3819558f4..1adf8adf4 100644 --- a/library/utils.c +++ b/library/utils.c @@ -28,14 +28,33 @@ #include "mbedtls/utils.h" #include +#include #if !defined(MBEDTLS_UTILS_ZEROIZE_ALT) -/* This implementation should never be optimized out by the compiler */ +/* + * This implementation should never be optimized out by the compiler + * + * This implementation for mbedtls_zeroize() uses a volatile function pointer. + * We always know that it points to memset(), but because it is volatile the + * compiler expects it to change at any time and will not optimize out the + * call that could potentially perform other operations on the input buffer + * instead of just setting it to 0. Nevertheless, optimizations of the + * following form are still possible: + * + * if( memset_func != memset ) + * memset_func( buf, 0, len ); + * + * Note that it is extremely difficult to guarantee that mbedtls_zeroize() + * will not be optimized out by aggressive compilers in a portable way. For + * this reason, mbed TLS also provides the configuration option + * MBEDTLS_UTILS_ZEROIZE_ALT, which allows users to configure + * mbedtls_zeroize() to use a suitable implementation for their platform and + * needs. + */ +static void * (* const volatile memset_func)( void *, int, size_t ) = memset; + void mbedtls_zeroize( void *buf, size_t len ) { - volatile unsigned char *p = (unsigned char *)buf; - - while( len-- ) - *p++ = 0; + memset_func( buf, 0, len ); } #endif /* MBEDTLS_UTILS_ZEROIZE_ALT */ From 0bd4237c2a02c8ef4d3858ebb6ad2bf5f8723094 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 26 Oct 2017 23:19:01 +0100 Subject: [PATCH 13/38] Fix formatting in utils.c file comment --- library/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/utils.c b/library/utils.c index 1adf8adf4..62b3244ed 100644 --- a/library/utils.c +++ b/library/utils.c @@ -1,5 +1,5 @@ /* - * mbedtls utility functions + * mbed TLS utility functions * * Copyright (C) 2017, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 From 88f8f41e5af4dfe7ef5a0b21657bb1065bd76ba5 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 31 Oct 2017 21:27:59 +0000 Subject: [PATCH 14/38] Move zeroize func call to end of program in zeroize.c --- programs/test/zeroize.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index 7f3e8b401..efd598001 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -79,13 +79,13 @@ int main( int argc, char** argv ) if( p - buf != 0 ) { mbedtls_printf( "%s\n", buf ); - mbedtls_zeroize( buf, sizeof( buf ) ); exit_code = MBEDTLS_EXIT_SUCCESS; } else mbedtls_printf( "The file is empty!\n" ); fclose( fp ); + mbedtls_zeroize( buf, sizeof( buf ) ); return( exit_code ); } From 7111a0d13ba0b49ab2711265817ec1911e554beb Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 31 Oct 2017 21:28:31 +0000 Subject: [PATCH 15/38] Change test_zeroize.gdb script breakpoint due to zeroize.c change --- tests/scripts/test_zeroize.gdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index e0b1ac5b5..15b8b09b3 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -17,7 +17,7 @@ set confirm off file ./programs/test/zeroize -break zeroize.c:88 +break zeroize.c:90 set args ./programs/test/zeroize.c run From 6e34e63eb30814957b18971719791363f501b11f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 1 Nov 2017 10:03:09 +0000 Subject: [PATCH 16/38] Fix style in programs/test/zeroize.c --- programs/test/zeroize.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index efd598001..14292b108 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -52,7 +52,7 @@ void usage( void ) int main( int argc, char** argv ) { int exit_code = MBEDTLS_EXIT_FAILURE; - FILE * fp; + FILE *fp; char buf[BUFFER_LEN]; char *p = buf; char *end = p + BUFFER_LEN; From 806f403a02f0501c15618a399209a7208f041d0f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 1 Nov 2017 10:03:36 +0000 Subject: [PATCH 17/38] Improve detection of program exit code in gdb script --- tests/scripts/test_zeroize.gdb | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 15b8b09b3..df15c8ab4 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -26,11 +26,6 @@ set $i = 0 set $len = sizeof(buf) set $buf = buf -if exit_code != 0 - echo The program did not terminate correctly\n - quit 1 -end - while $i < $len if $buf[$i++] != 0 echo The buffer at was not zeroized\n @@ -39,4 +34,12 @@ while $i < $len end echo The buffer was correctly zeroized\n + +continue + +if $_exitcode != 0 + echo The program did not terminate correctly\n + quit 1 +end + quit 0 From 1962405be15395797f4d47f537dc1c8c24311770 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 8 Mar 2018 20:06:03 +0000 Subject: [PATCH 18/38] Justify moving zeroize() to utils in ChangeLog --- ChangeLog | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7e915e710..fe588a4b8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,15 @@ API Changes if more data is pending to be processed in the internal message buffers. This function is necessary to determine when it is safe to idle on the underlying transport in case event-driven IO is used. + * Extend the platform module with a util component that contains + functionality shared by multiple Mbed TLS modules. At this stage + platform_util.h (and its associated platform_util.c) only contain + mbedtls_platform_zeroize(), which is a critical function from a security + point of view. mbedtls_platform_zeroize() needs to be regularly tested + against compilers to ensure that calls to it are not removed from the + output binary as part of redundant code elimination optimizations. + Therefore, mbedtls_platform_zeroize() is moved to the platform module to + facilitate testing and maintenance. Bugfix * Fix spurious uninitialized variable warning in cmac.c. Fix independently @@ -286,11 +295,6 @@ New deprecations from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin() accepting DHM parameters in binary form, matching the new constants. -API Changes - * Create a new header utils.h that contains functionality shared by multiple - mbed TLS modules. At this stage utils.h (and its associated utils.c) only - contain mbedtls_zeroize(). - Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. From 6606d5c4141d970dab05e8667bff4fa965c6d79f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 8 Mar 2018 20:25:29 +0000 Subject: [PATCH 19/38] Add config.h docs for MBEDTLS_UTILS_ZEROIZE_ALT --- include/mbedtls/config.h | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 8c35b86cd..7f0941fcf 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2856,7 +2856,20 @@ * \def MBEDTLS_UTILS_ZEROIZE_ALT * * Uncomment the macro to let mbed TLS use your alternate implementation of - * mbedtls_zeroize(). + * mbedtls_zeroize(). This replaced the default implementation in utils.c. + * + * mbedtls_zeroize() is a widely used function across the library to zero a + * block of memory. The implementation is expected to be secure in the sense + * that it has been written to prevent the compiler from removing calls to + * mbedtls_zeroize() as part of redundant code elimination optimizations. + * However, it is difficult to guarantee that calls to mbedtls_zeroize() will + * not be optimized by the compiler as older versions of the C language + * standards do not provide a secure implementation of memset(). Therefore, + * MBEDTLS_UTILS_ZEROIZE_ALT enables users to configure their own + * implementation of mbedtls_zeroize(), for example by using directives + * specific to their compiler, features from the C standard (e.g using + * memset_s() in C11) or calling a secure memset() from their system (e.g + * explicit_bzero() in BSD). */ //#define MBEDTLS_UTILS_ZEROIZE_ALT From 1e8ea5fa68223351553192a608ac06a6ac8dfbc3 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 8 Mar 2018 20:46:39 +0000 Subject: [PATCH 20/38] Improve docs for mbedtls_zeroize() and add refs --- include/mbedtls/utils.h | 7 +++++++ library/utils.c | 20 +++++++++++++------- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/utils.h b/include/mbedtls/utils.h index 61b1b76c0..cb03fb0e4 100644 --- a/include/mbedtls/utils.h +++ b/include/mbedtls/utils.h @@ -33,6 +33,13 @@ * * \note This implementation should never be optimized out by the * compiler + * + * \note It is extremely difficult to guarantee that calls to + * mbedtls_zeroize() are not removed by aggressive compiler + * optimizations in a portable way. For this reason, Mbed TLS + * provides the configuration option MBEDTLS_UTILS_ZEROIZE_ALT, + * which allows users to configure mbedtls_zeroize() to use a + * suitable implementation for their platform and needs */ void mbedtls_zeroize( void *buf, size_t len ); diff --git a/library/utils.c b/library/utils.c index 62b3244ed..e7fef6da1 100644 --- a/library/utils.c +++ b/library/utils.c @@ -34,19 +34,25 @@ /* * This implementation should never be optimized out by the compiler * - * This implementation for mbedtls_zeroize() uses a volatile function pointer. - * We always know that it points to memset(), but because it is volatile the - * compiler expects it to change at any time and will not optimize out the - * call that could potentially perform other operations on the input buffer - * instead of just setting it to 0. Nevertheless, optimizations of the - * following form are still possible: + * This implementation for mbedtls_zeroize() was inspired from Colin Percival's + * blog article at: + * + * http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html + * + * It uses a volatile function pointer to the standard memset(). Because the + * pointer is volatile the compiler expects it to change at + * any time and will not optimize out the call that could potentially perform + * other operations on the input buffer instead of just setting it to 0. + * Nevertheless, as pointed out by davidtgoldblatt on Hacker News + * (refer to http://www.daemonology.net/blog/2014-09-05-erratum.html for + * details), optimizations of the following form are still possible: * * if( memset_func != memset ) * memset_func( buf, 0, len ); * * Note that it is extremely difficult to guarantee that mbedtls_zeroize() * will not be optimized out by aggressive compilers in a portable way. For - * this reason, mbed TLS also provides the configuration option + * this reason, Mbed TLS also provides the configuration option * MBEDTLS_UTILS_ZEROIZE_ALT, which allows users to configure * mbedtls_zeroize() to use a suitable implementation for their platform and * needs. From 42defd10a6ff408a7c4502e3cf53df6c35a4dd94 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 8 Mar 2018 21:21:40 +0000 Subject: [PATCH 21/38] Improve docs for zeroize.c and test_zeroize.gdb --- programs/test/zeroize.c | 11 ++++++++++- tests/scripts/test_zeroize.gdb | 27 ++++++++++++++++++++++++++- 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index 14292b108..d7f2337d3 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -1,5 +1,14 @@ /* - * Zeroize demonstration program + * Zeroize application for debugger-driven testing + * + * This is a simple test application used for debbuger-driven testing to check + * whether calls to mbedtls_zeroize() are being eliminated by compiler + * optimizations. This application is used by the GDB script at + * tests/scripts/test_zeroize.gdb under the assumption that line numbers do not + * change often (as opposed to the library code) because the script sets a + * breakpoint at the last return statement in the main() function of this + * program. The debugger facilities are then used to manually inspect the + * memory and verify that the call to mbedtls_zeroize() was not eliminated. * * Copyright (C) 2017, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index df15c8ab4..c6184ee60 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -13,11 +13,36 @@ # debugger manually checks the contents to be zeroized and checks that it is # actually cleared. # +# The mbedtls_zeroize() test is debugger driven because there does not seem to +# be a mechanism to reliably check whether the zeroize calls are being +# eliminated by compiler optimizations from within the compiled program. The +# problem is that a compiler would typically remove what it considers to be +# "unecessary" assignments as part of redundant code elimination. To identify +# such code, the compilar will create some form dependency graph between +# reads and writes to variables (among other situations). It will then use this +# data structure to remove redundant code that does not have an impact on the +# program's observable behavior. In the case of mbedtls_zeroize(), an +# intelligent compiler could determine that this function clears a block of +# memory that is not accessed later in the program, so removing the call to +# mbedtls_zeroize() does not have an observable behavior. However, inserting a +# test after a call to mbedtls_zeroize() to check whether the block of +# memory was correctly zeroed would force the compiler to not eliminate the +# mbedtls_zeroize() call. If this does not occur, then the compiler potentially +# has a bug. +# # Note: This test requires that the test program is compiled with -g3. +# +# WARNING: There does not seem to be a mechanism in GDB scripts to set a +# breakpoint at the end of a function (probably because there are a lot of +# complications as function can have multiple exit points, etc). Therefore, it +# was necessary to hard-code the line number of the breakpoint in the zeroize.c +# test app. The assumption is that zeroize.c is a simple test app that does not +# change often (as opposed to the actual library code), so the breakpoint line +# number does not need to be updated often. set confirm off file ./programs/test/zeroize -break zeroize.c:90 +break zeroize.c:99 set args ./programs/test/zeroize.c run From 757cd72edf710e44ca864df7f1daccb6a7660973 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 8 Mar 2018 21:25:25 +0000 Subject: [PATCH 22/38] Update license headers year and branding --- include/mbedtls/utils.h | 6 +++--- library/utils.c | 6 +++--- programs/test/zeroize.c | 2 +- tests/scripts/test_zeroize.gdb | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/utils.h b/include/mbedtls/utils.h index cb03fb0e4..7eb2b68bf 100644 --- a/include/mbedtls/utils.h +++ b/include/mbedtls/utils.h @@ -1,9 +1,9 @@ /** * \file utils.h * - * \brief mbed TLS utility functions + * \brief Mbed TLS utility functions * - * Copyright (C) 2017, ARM Limited, All Rights Reserved + * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -18,7 +18,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_UTILS_H #define MBEDTLS_UTILS_H diff --git a/library/utils.c b/library/utils.c index e7fef6da1..34629eb97 100644 --- a/library/utils.c +++ b/library/utils.c @@ -1,7 +1,7 @@ /* - * mbed TLS utility functions + * Mbed TLS utility functions * - * Copyright (C) 2017, ARM Limited, All Rights Reserved + * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -16,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index d7f2337d3..a7b94e205 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -10,7 +10,7 @@ * program. The debugger facilities are then used to manually inspect the * memory and verify that the call to mbedtls_zeroize() was not eliminated. * - * Copyright (C) 2017, ARM Limited, All Rights Reserved + * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index c6184ee60..574379b04 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -1,8 +1,8 @@ # test_zeroize.gdb # -# This file is part of mbed TLS (https://tls.mbed.org) +# This file is part of Mbed TLS (https://tls.mbed.org) # -# Copyright (c) 2017, ARM Limited, All Rights Reserved +# Copyright (c) 2018, Arm Limited, All Rights Reserved # # Purpose # From ae8e30697345cf022dc27cfa1aa5b37fc74eefc7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 13 Mar 2018 19:19:16 +0000 Subject: [PATCH 23/38] Fix docs typos for zeroize related features/test --- include/mbedtls/config.h | 2 +- programs/test/zeroize.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 7f0941fcf..69754cf67 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2856,7 +2856,7 @@ * \def MBEDTLS_UTILS_ZEROIZE_ALT * * Uncomment the macro to let mbed TLS use your alternate implementation of - * mbedtls_zeroize(). This replaced the default implementation in utils.c. + * mbedtls_zeroize(). This replaces the default implementation in utils.c. * * mbedtls_zeroize() is a widely used function across the library to zero a * block of memory. The implementation is expected to be secure in the sense diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index a7b94e205..9f7742554 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -1,7 +1,7 @@ /* * Zeroize application for debugger-driven testing * - * This is a simple test application used for debbuger-driven testing to check + * This is a simple test application used for debugger-driven testing to check * whether calls to mbedtls_zeroize() are being eliminated by compiler * optimizations. This application is used by the GDB script at * tests/scripts/test_zeroize.gdb under the assumption that line numbers do not From 904e1efb8c69fc8395a5575a2a48d13ac3bfab22 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 09:16:30 -0500 Subject: [PATCH 24/38] Make utils module part of the platform --- include/mbedtls/{utils.h => platform_util.h} | 35 +++++++++++++------- library/CMakeLists.txt | 2 +- library/Makefile | 2 +- library/{utils.c => platform_util.c} | 25 +++++++------- 4 files changed, 38 insertions(+), 26 deletions(-) rename include/mbedtls/{utils.h => platform_util.h} (58%) rename library/{utils.c => platform_util.c} (70%) diff --git a/include/mbedtls/utils.h b/include/mbedtls/platform_util.h similarity index 58% rename from include/mbedtls/utils.h rename to include/mbedtls/platform_util.h index 7eb2b68bf..bda97102c 100644 --- a/include/mbedtls/utils.h +++ b/include/mbedtls/platform_util.h @@ -1,8 +1,10 @@ /** - * \file utils.h - * - * \brief Mbed TLS utility functions + * \file platform_util.h * + * \brief Common and shared functions used by multiple modules in the Mbed TLS + * library. + */ +/* * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * @@ -20,11 +22,15 @@ * * This file is part of Mbed TLS (https://tls.mbed.org) */ -#ifndef MBEDTLS_UTILS_H -#define MBEDTLS_UTILS_H +#ifndef MBEDTLS_PLATFORM_UTIL_H +#define MBEDTLS_PLATFORM_UTIL_H #include +#ifdef __cplusplus +extern "C" { +#endif + /** * \brief Securely zeroize a buffer * @@ -35,12 +41,17 @@ * compiler * * \note It is extremely difficult to guarantee that calls to - * mbedtls_zeroize() are not removed by aggressive compiler - * optimizations in a portable way. For this reason, Mbed TLS - * provides the configuration option MBEDTLS_UTILS_ZEROIZE_ALT, - * which allows users to configure mbedtls_zeroize() to use a - * suitable implementation for their platform and needs + * mbedtls_platform_zeroize() are not removed by aggressive + * compiler optimizations in a portable way. For this reason, Mbed + * TLS provides the configuration option + * MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure + * mbedtls_platform_zeroize() to use a suitable implementation for + * their platform and needs */ -void mbedtls_zeroize( void *buf, size_t len ); +void mbedtls_platform_zeroize( void *buf, size_t len ); -#endif /* MBEDTLS_UTILS_H */ +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_PLATFORM_UTIL_H */ diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 24a2484a3..648b151a0 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -57,7 +57,7 @@ set(src_crypto version.c version_features.c xtea.c - utils.c + platform_util.c ) set(src_x509 diff --git a/library/Makefile b/library/Makefile index 46dce4e6f..fd4544aa4 100644 --- a/library/Makefile +++ b/library/Makefile @@ -66,7 +66,7 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ sha1.o sha256.o sha512.o \ threading.o timing.o version.o \ version_features.o xtea.o \ - utils.o + platform_util.o OBJS_X509= certs.o pkcs11.o x509.o \ x509_create.o x509_crl.o x509_crt.o \ diff --git a/library/utils.c b/library/platform_util.c similarity index 70% rename from library/utils.c rename to library/platform_util.c index 34629eb97..498e214ff 100644 --- a/library/utils.c +++ b/library/platform_util.c @@ -1,5 +1,6 @@ /* - * Mbed TLS utility functions + * Common and shared functions used by multiple modules in the Mbed TLS + * library. * * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 @@ -30,12 +31,12 @@ #include #include -#if !defined(MBEDTLS_UTILS_ZEROIZE_ALT) +#if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT) /* * This implementation should never be optimized out by the compiler * - * This implementation for mbedtls_zeroize() was inspired from Colin Percival's - * blog article at: + * This implementation for mbedtls_platform_zeroize() was inspired from Colin + * Percival's blog article at: * * http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html * @@ -50,17 +51,17 @@ * if( memset_func != memset ) * memset_func( buf, 0, len ); * - * Note that it is extremely difficult to guarantee that mbedtls_zeroize() - * will not be optimized out by aggressive compilers in a portable way. For - * this reason, Mbed TLS also provides the configuration option - * MBEDTLS_UTILS_ZEROIZE_ALT, which allows users to configure - * mbedtls_zeroize() to use a suitable implementation for their platform and - * needs. + * Note that it is extremely difficult to guarantee that + * mbedtls_platform_zeroize() will not be optimized out by aggressive compilers + * in a portable way. For this reason, Mbed TLS also provides the configuration + * option MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure + * mbedtls_platform_zeroize() to use a suitable implementation for their + * platform and needs. */ static void * (* const volatile memset_func)( void *, int, size_t ) = memset; -void mbedtls_zeroize( void *buf, size_t len ) +void mbedtls_platform_zeroize( void *buf, size_t len ) { memset_func( buf, 0, len ); } -#endif /* MBEDTLS_UTILS_ZEROIZE_ALT */ +#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ From 1f6301b3c889efb8e353aa8179f691123549d6c7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 09:51:09 -0500 Subject: [PATCH 25/38] Rename mbedtls_zeroize to mbedtls_platform_zeroize --- library/aes.c | 4 +-- library/arc4.c | 4 +-- library/asn1parse.c | 6 ++-- library/bignum.c | 18 ++++------ library/blowfish.c | 4 +-- library/camellia.c | 4 +-- library/ccm.c | 6 ++-- library/cipher.c | 7 ++-- library/cmac.c | 32 ++++++++--------- library/ctr_drbg.c | 18 +++++----- library/des.c | 14 ++++---- library/dhm.c | 8 ++--- library/ecp.c | 4 +-- library/entropy.c | 14 ++++---- library/gcm.c | 6 ++-- library/havege.c | 4 +-- library/hmac_drbg.c | 8 ++--- library/md.c | 11 +++--- library/md2.c | 4 +-- library/md4.c | 4 +-- library/md5.c | 4 +-- library/memory_buffer_alloc.c | 4 +-- library/pem.c | 22 ++++++------ library/pk.c | 4 +-- library/pk_wrap.c | 4 +-- library/pkcs12.c | 16 ++++----- library/pkparse.c | 10 +++--- library/platform.c | 11 ++---- library/platform_util.c | 2 +- library/ripemd160.c | 4 +-- library/rsa.c | 18 +++++----- library/sha1.c | 4 +-- library/sha256.c | 4 +-- library/sha512.c | 4 +-- library/ssl_cli.c | 6 ++-- library/ssl_cookie.c | 6 ++-- library/ssl_srv.c | 4 +-- library/ssl_ticket.c | 6 ++-- library/ssl_tls.c | 68 ++++++++++++++++++----------------- library/x509_crl.c | 13 +++---- library/x509_crt.c | 18 +++++----- library/x509_csr.c | 10 +++--- library/x509write_crt.c | 4 +-- library/x509write_csr.c | 4 +-- library/xtea.c | 4 +-- 45 files changed, 216 insertions(+), 218 deletions(-) diff --git a/library/aes.c b/library/aes.c index 797e00fa3..b0aea0091 100644 --- a/library/aes.c +++ b/library/aes.c @@ -36,7 +36,7 @@ #include #include "mbedtls/aes.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #if defined(MBEDTLS_PADLOCK_C) #include "mbedtls/padlock.h" #endif @@ -518,7 +518,7 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_aes_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) ); } /* diff --git a/library/arc4.c b/library/arc4.c index a6d2d4ef3..b8998ac6c 100644 --- a/library/arc4.c +++ b/library/arc4.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_ARC4_C) #include "mbedtls/arc4.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -58,7 +58,7 @@ void mbedtls_arc4_free( mbedtls_arc4_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_arc4_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_arc4_context ) ); } /* diff --git a/library/asn1parse.c b/library/asn1parse.c index 10ec3d8cb..171c340b8 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -28,7 +28,7 @@ #if defined(MBEDTLS_ASN1_PARSE_C) #include "mbedtls/asn1.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -309,7 +309,7 @@ int mbedtls_asn1_get_alg( unsigned char **p, if( *p == end ) { - mbedtls_zeroize( params, sizeof(mbedtls_asn1_buf) ); + mbedtls_platform_zeroize( params, sizeof(mbedtls_asn1_buf) ); return( 0 ); } @@ -354,7 +354,7 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur ) mbedtls_free( cur->oid.p ); mbedtls_free( cur->val.p ); - mbedtls_zeroize( cur, sizeof( mbedtls_asn1_named_data ) ); + mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_named_data ) ); } void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head ) diff --git a/library/bignum.c b/library/bignum.c index 47bf1ef97..fb748d8a1 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -45,6 +45,7 @@ #include "mbedtls/bignum.h" #include "mbedtls/bn_mul.h" +#include "mbedtls/platform_util.h" #include @@ -58,16 +59,6 @@ #define mbedtls_free free #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) { - volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0; -} - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - #define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ #define biL (ciL << 3) /* bits in limb */ #define biH (ciL << 2) /* half limb size */ @@ -81,6 +72,11 @@ static void mbedtls_zeroize( void *v, size_t n ) { #define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) #define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) +/* Implementation that should never be optimized out by the compiler */ +static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) { + mbedtls_platform_zeroize( v, ciL * n ); +} + /* * Initialize one MPI */ @@ -1897,7 +1893,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) ); cleanup: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( ret ); } diff --git a/library/blowfish.c b/library/blowfish.c index 59c579888..5b6bb9885 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_BLOWFISH_C) #include "mbedtls/blowfish.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -161,7 +161,7 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_blowfish_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_blowfish_context ) ); } /* diff --git a/library/camellia.c b/library/camellia.c index b2115c4a6..41b7da0fa 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_CAMELLIA_C) #include "mbedtls/camellia.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -329,7 +329,7 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_camellia_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) ); } /* diff --git a/library/ccm.c b/library/ccm.c index a7a2cc446..cf6520935 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -37,7 +37,7 @@ #if defined(MBEDTLS_CCM_C) #include "mbedtls/ccm.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -98,7 +98,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) { mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); } /* @@ -339,7 +339,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, if( diff != 0 ) { - mbedtls_zeroize( output, length ); + mbedtls_platform_zeroize( output, length ); return( MBEDTLS_ERR_CCM_AUTH_FAILED ); } diff --git a/library/cipher.c b/library/cipher.c index 1b2e569cb..a5cd61cdf 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -33,7 +33,7 @@ #include "mbedtls/cipher.h" #include "mbedtls/cipher_internal.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include #include @@ -137,7 +137,8 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ) #if defined(MBEDTLS_CMAC_C) if( ctx->cmac_ctx ) { - mbedtls_zeroize( ctx->cmac_ctx, sizeof( mbedtls_cmac_context_t ) ); + mbedtls_platform_zeroize( ctx->cmac_ctx, + sizeof( mbedtls_cmac_context_t ) ); mbedtls_free( ctx->cmac_ctx ); } #endif @@ -145,7 +146,7 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ) if( ctx->cipher_ctx ) ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx ); - mbedtls_zeroize( ctx, sizeof(mbedtls_cipher_context_t) ); + mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) ); } int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info ) diff --git a/library/cmac.c b/library/cmac.c index 54ad84340..4d7a1f169 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -49,7 +49,7 @@ #if defined(MBEDTLS_CMAC_C) #include "mbedtls/cmac.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -140,7 +140,7 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx, unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX]; size_t olen, block_size; - mbedtls_zeroize( L, sizeof( L ) ); + mbedtls_platform_zeroize( L, sizeof( L ) ); block_size = ctx->cipher_info->block_size; @@ -158,7 +158,7 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx, goto exit; exit: - mbedtls_zeroize( L, sizeof( L ) ); + mbedtls_platform_zeroize( L, sizeof( L ) ); return( ret ); } @@ -234,7 +234,7 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, ctx->cmac_ctx = cmac_ctx; - mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) ); + mbedtls_platform_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) ); return 0; } @@ -326,8 +326,8 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, block_size = ctx->cipher_info->block_size; state = cmac_ctx->state; - mbedtls_zeroize( K1, sizeof( K1 ) ); - mbedtls_zeroize( K2, sizeof( K2 ) ); + mbedtls_platform_zeroize( K1, sizeof( K1 ) ); + mbedtls_platform_zeroize( K2, sizeof( K2 ) ); cmac_generate_subkeys( ctx, K1, K2 ); last_block = cmac_ctx->unprocessed_block; @@ -357,14 +357,14 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, exit: /* Wipe the generated keys on the stack, and any other transients to avoid * side channel leakage */ - mbedtls_zeroize( K1, sizeof( K1 ) ); - mbedtls_zeroize( K2, sizeof( K2 ) ); + mbedtls_platform_zeroize( K1, sizeof( K1 ) ); + mbedtls_platform_zeroize( K2, sizeof( K2 ) ); cmac_ctx->unprocessed_len = 0; - mbedtls_zeroize( cmac_ctx->unprocessed_block, - sizeof( cmac_ctx->unprocessed_block ) ); + mbedtls_platform_zeroize( cmac_ctx->unprocessed_block, + sizeof( cmac_ctx->unprocessed_block ) ); - mbedtls_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX ); + mbedtls_platform_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX ); return( ret ); } @@ -379,10 +379,10 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) /* Reset the internal state */ cmac_ctx->unprocessed_len = 0; - mbedtls_zeroize( cmac_ctx->unprocessed_block, - sizeof( cmac_ctx->unprocessed_block ) ); - mbedtls_zeroize( cmac_ctx->state, - sizeof( cmac_ctx->state ) ); + mbedtls_platform_zeroize( cmac_ctx->unprocessed_block, + sizeof( cmac_ctx->unprocessed_block ) ); + mbedtls_platform_zeroize( cmac_ctx->state, + sizeof( cmac_ctx->state ) ); return( 0 ); } @@ -462,7 +462,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, output ); exit: - mbedtls_zeroize( int_key, sizeof( int_key ) ); + mbedtls_platform_zeroize( int_key, sizeof( int_key ) ); return( ret ); } diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index ae6d62f34..d0e5ba862 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/ctr_drbg.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -121,7 +121,7 @@ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx ) mbedtls_mutex_free( &ctx->mutex ); #endif mbedtls_aes_free( &ctx->aes_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) ); } void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, int resistance ) @@ -241,16 +241,16 @@ exit: /* * tidy up the stack */ - mbedtls_zeroize( buf, sizeof( buf ) ); - mbedtls_zeroize( tmp, sizeof( tmp ) ); - mbedtls_zeroize( key, sizeof( key ) ); - mbedtls_zeroize( chain, sizeof( chain ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( key, sizeof( key ) ); + mbedtls_platform_zeroize( chain, sizeof( chain ) ); if( 0 != ret ) { /* * wipe partial seed from memory */ - mbedtls_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN ); + mbedtls_platform_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN ); } return( ret ); @@ -489,7 +489,7 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char ret = 0; exit: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); fclose( f ); return( ret ); @@ -522,7 +522,7 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char fclose( f ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); if( ret != 0 ) return( ret ); diff --git a/library/des.c b/library/des.c index 863a80c48..ca9e071f3 100644 --- a/library/des.c +++ b/library/des.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_DES_C) #include "mbedtls/des.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -312,7 +312,7 @@ void mbedtls_des_free( mbedtls_des_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_des_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) ); } void mbedtls_des3_init( mbedtls_des3_context *ctx ) @@ -325,7 +325,7 @@ void mbedtls_des3_free( mbedtls_des3_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_des3_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) ); } static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8, @@ -549,7 +549,7 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, uint32_t sk[96]; des3_set2key( ctx->sk, sk, key ); - mbedtls_zeroize( sk, sizeof( sk ) ); + mbedtls_platform_zeroize( sk, sizeof( sk ) ); return( 0 ); } @@ -563,7 +563,7 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, uint32_t sk[96]; des3_set2key( sk, ctx->sk, key ); - mbedtls_zeroize( sk, sizeof( sk ) ); + mbedtls_platform_zeroize( sk, sizeof( sk ) ); return( 0 ); } @@ -600,7 +600,7 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, uint32_t sk[96]; des3_set3key( ctx->sk, sk, key ); - mbedtls_zeroize( sk, sizeof( sk ) ); + mbedtls_platform_zeroize( sk, sizeof( sk ) ); return( 0 ); } @@ -614,7 +614,7 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, uint32_t sk[96]; des3_set3key( sk, ctx->sk, key ); - mbedtls_zeroize( sk, sizeof( sk ) ); + mbedtls_platform_zeroize( sk, sizeof( sk ) ); return( 0 ); } diff --git a/library/dhm.c b/library/dhm.c index 5e510de2d..82cbb0ce8 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -36,7 +36,7 @@ #if defined(MBEDTLS_DHM_C) #include "mbedtls/dhm.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -434,7 +434,7 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ) mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X ); mbedtls_mpi_free( &ctx->G ); mbedtls_mpi_free( &ctx->P ); - mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) ); } #if defined(MBEDTLS_ASN1_PARSE_C) @@ -572,7 +572,7 @@ static int load_file( const char *path, unsigned char **buf, size_t *n ) { fclose( f ); - mbedtls_zeroize( *buf, *n + 1 ); + mbedtls_platform_zeroize( *buf, *n + 1 ); mbedtls_free( *buf ); return( MBEDTLS_ERR_DHM_FILE_IO_ERROR ); @@ -602,7 +602,7 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ) ret = mbedtls_dhm_parse_dhm( dhm, buf, n ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); diff --git a/library/ecp.c b/library/ecp.c index a2a122518..41db3fbe5 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -51,7 +51,7 @@ #include "mbedtls/ecp.h" #include "mbedtls/threading.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -344,7 +344,7 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ) mbedtls_free( grp->T ); } - mbedtls_zeroize( grp, sizeof( mbedtls_ecp_group ) ); + mbedtls_platform_zeroize( grp, sizeof( mbedtls_ecp_group ) ); } /* diff --git a/library/entropy.c b/library/entropy.c index 37fdf3a9a..f8db1a550 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -35,7 +35,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/entropy_poll.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -136,7 +136,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx ) ctx->initial_entropy_run = 0; #endif ctx->source_count = 0; - mbedtls_zeroize( ctx->source, sizeof( ctx->source ) ); + mbedtls_platform_zeroize( ctx->source, sizeof( ctx->source ) ); ctx->accumulator_started = 0; } @@ -228,7 +228,7 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id #endif cleanup: - mbedtls_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); return( ret ); } @@ -296,7 +296,7 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx ) ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE; cleanup: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( ret ); } @@ -429,7 +429,7 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) ret = 0; exit: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); #if defined(MBEDTLS_THREADING_C) if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) @@ -482,7 +482,7 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p ret = 0; exit: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); fclose( f ); return( ret ); @@ -512,7 +512,7 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char * fclose( f ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); if( ret != 0 ) return( ret ); diff --git a/library/gcm.c b/library/gcm.c index 39e8dd3f2..57b027933 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -38,7 +38,7 @@ #if defined(MBEDTLS_GCM_C) #include "mbedtls/gcm.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -494,7 +494,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, if( diff != 0 ) { - mbedtls_zeroize( output, length ); + mbedtls_platform_zeroize( output, length ); return( MBEDTLS_ERR_GCM_AUTH_FAILED ); } @@ -504,7 +504,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, void mbedtls_gcm_free( mbedtls_gcm_context *ctx ) { mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_gcm_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) ); } #endif /* !MBEDTLS_GCM_ALT */ diff --git a/library/havege.c b/library/havege.c index c9bb64dc1..4dcac0287 100644 --- a/library/havege.c +++ b/library/havege.c @@ -36,7 +36,7 @@ #include "mbedtls/havege.h" #include "mbedtls/timing.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -204,7 +204,7 @@ void mbedtls_havege_free( mbedtls_havege_state *hs ) if( hs == NULL ) return; - mbedtls_zeroize( hs, sizeof( mbedtls_havege_state ) ); + mbedtls_platform_zeroize( hs, sizeof( mbedtls_havege_state ) ); } /* diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 1ef819d86..dad55ff86 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_HMAC_DRBG_C) #include "mbedtls/hmac_drbg.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -334,7 +334,7 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx ) mbedtls_mutex_free( &ctx->mutex ); #endif mbedtls_md_free( &ctx->md_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) ); } #if defined(MBEDTLS_FS_IO) @@ -360,7 +360,7 @@ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const cha exit: fclose( f ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( ret ); } @@ -392,7 +392,7 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch fclose( f ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); if( ret != 0 ) return( ret ); diff --git a/library/md.c b/library/md.c index c54ae85a9..303cdcbee 100644 --- a/library/md.c +++ b/library/md.c @@ -33,7 +33,7 @@ #include "mbedtls/md.h" #include "mbedtls/md_internal.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -189,11 +189,12 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ) if( ctx->hmac_ctx != NULL ) { - mbedtls_zeroize( ctx->hmac_ctx, 2 * ctx->md_info->block_size ); + mbedtls_platform_zeroize( ctx->hmac_ctx, + 2 * ctx->md_info->block_size ); mbedtls_free( ctx->hmac_ctx ); } - mbedtls_zeroize( ctx, sizeof( mbedtls_md_context_t ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) ); } int mbedtls_md_clone( mbedtls_md_context_t *dst, @@ -307,7 +308,7 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne ret = md_info->finish_func( ctx.md_ctx, output ); cleanup: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); fclose( f ); mbedtls_md_free( &ctx ); @@ -357,7 +358,7 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, goto cleanup; cleanup: - mbedtls_zeroize( sum, sizeof( sum ) ); + mbedtls_platform_zeroize( sum, sizeof( sum ) ); return( ret ); } diff --git a/library/md2.c b/library/md2.c index 37e35dc58..1c0b3df52 100644 --- a/library/md2.c +++ b/library/md2.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_MD2_C) #include "mbedtls/md2.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -89,7 +89,7 @@ void mbedtls_md2_free( mbedtls_md2_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_md2_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md2_context ) ); } void mbedtls_md2_clone( mbedtls_md2_context *dst, diff --git a/library/md4.c b/library/md4.c index a98d0a853..3f8ddff31 100644 --- a/library/md4.c +++ b/library/md4.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_MD4_C) #include "mbedtls/md4.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -82,7 +82,7 @@ void mbedtls_md4_free( mbedtls_md4_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_md4_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md4_context ) ); } void mbedtls_md4_clone( mbedtls_md4_context *dst, diff --git a/library/md5.c b/library/md5.c index f439a73ba..8238c2b81 100644 --- a/library/md5.c +++ b/library/md5.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_MD5_C) #include "mbedtls/md5.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -81,7 +81,7 @@ void mbedtls_md5_free( mbedtls_md5_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_md5_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md5_context ) ); } void mbedtls_md5_clone( mbedtls_md5_context *dst, diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 68f094b3d..ceaeda1e7 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -31,7 +31,7 @@ /* No need for the header guard as MBEDTLS_MEMORY_BUFFER_ALLOC_C is dependent upon MBEDTLS_PLATFORM_C */ #include "mbedtls/platform.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -608,7 +608,7 @@ void mbedtls_memory_buffer_alloc_free( void ) #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &heap.mutex ); #endif - mbedtls_zeroize( &heap, sizeof(buffer_alloc_ctx) ); + mbedtls_platform_zeroize( &heap, sizeof(buffer_alloc_ctx) ); } #if defined(MBEDTLS_SELF_TEST) diff --git a/library/pem.c b/library/pem.c index 527c5f44b..6069a23de 100644 --- a/library/pem.c +++ b/library/pem.c @@ -33,7 +33,7 @@ #include "mbedtls/aes.h" #include "mbedtls/md5.h" #include "mbedtls/cipher.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -131,7 +131,7 @@ static int pem_pbkdf1( unsigned char *key, size_t keylen, exit: mbedtls_md5_free( &md5_ctx ); - mbedtls_zeroize( md5sum, 16 ); + mbedtls_platform_zeroize( md5sum, 16 ); return( ret ); } @@ -160,7 +160,7 @@ static int pem_des_decrypt( unsigned char des_iv[8], exit: mbedtls_des_free( &des_ctx ); - mbedtls_zeroize( des_key, 8 ); + mbedtls_platform_zeroize( des_key, 8 ); return( ret ); } @@ -188,7 +188,7 @@ static int pem_des3_decrypt( unsigned char des3_iv[8], exit: mbedtls_des3_free( &des3_ctx ); - mbedtls_zeroize( des3_key, 24 ); + mbedtls_platform_zeroize( des3_key, 24 ); return( ret ); } @@ -218,7 +218,7 @@ static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, exit: mbedtls_aes_free( &aes_ctx ); - mbedtls_zeroize( aes_key, keylen ); + mbedtls_platform_zeroize( aes_key, keylen ); return( ret ); } @@ -355,7 +355,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 ) { - mbedtls_zeroize( buf, len ); + mbedtls_platform_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_INVALID_DATA + ret ); } @@ -366,7 +366,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) if( pwd == NULL ) { - mbedtls_zeroize( buf, len ); + mbedtls_platform_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ); } @@ -403,12 +403,12 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const */ if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 ) { - mbedtls_zeroize( buf, len ); + mbedtls_platform_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ); } #else - mbedtls_zeroize( buf, len ); + mbedtls_platform_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE ); #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && @@ -424,11 +424,11 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const void mbedtls_pem_free( mbedtls_pem_context *ctx ) { if( ctx->buf != NULL ) - mbedtls_zeroize( ctx->buf, ctx->buflen ); + mbedtls_platform_zeroize( ctx->buf, ctx->buflen ); mbedtls_free( ctx->buf ); mbedtls_free( ctx->info ); - mbedtls_zeroize( ctx, sizeof( mbedtls_pem_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) ); } #endif /* MBEDTLS_PEM_PARSE_C */ diff --git a/library/pk.c b/library/pk.c index bd3e4275d..f05b139e3 100644 --- a/library/pk.c +++ b/library/pk.c @@ -29,7 +29,7 @@ #include "mbedtls/pk.h" #include "mbedtls/pk_internal.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" @@ -66,7 +66,7 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx ) ctx->pk_info->ctx_free_func( ctx->pk_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) ); } /* diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 2e0971110..2c7d2d79b 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -42,7 +42,7 @@ #endif #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #endif #if defined(MBEDTLS_PLATFORM_C) @@ -495,7 +495,7 @@ static void *rsa_alt_alloc_wrap( void ) static void rsa_alt_free_wrap( void *ctx ) { - mbedtls_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) ); mbedtls_free( ctx ); } diff --git a/library/pkcs12.c b/library/pkcs12.c index 98b8324a9..16a15cb63 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -36,7 +36,7 @@ #include "mbedtls/pkcs12.h" #include "mbedtls/asn1.h" #include "mbedtls/cipher.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -162,7 +162,7 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, goto exit; exit: - mbedtls_zeroize( key, sizeof( key ) ); + mbedtls_platform_zeroize( key, sizeof( key ) ); mbedtls_arc4_free( &ctx ); return( ret ); @@ -219,8 +219,8 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH; exit: - mbedtls_zeroize( key, sizeof( key ) ); - mbedtls_zeroize( iv, sizeof( iv ) ); + mbedtls_platform_zeroize( key, sizeof( key ) ); + mbedtls_platform_zeroize( iv, sizeof( iv ) ); mbedtls_cipher_free( &cipher_ctx ); return( ret ); @@ -348,10 +348,10 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, ret = 0; exit: - mbedtls_zeroize( salt_block, sizeof( salt_block ) ); - mbedtls_zeroize( pwd_block, sizeof( pwd_block ) ); - mbedtls_zeroize( hash_block, sizeof( hash_block ) ); - mbedtls_zeroize( hash_output, sizeof( hash_output ) ); + mbedtls_platform_zeroize( salt_block, sizeof( salt_block ) ); + mbedtls_platform_zeroize( pwd_block, sizeof( pwd_block ) ); + mbedtls_platform_zeroize( hash_block, sizeof( hash_block ) ); + mbedtls_platform_zeroize( hash_output, sizeof( hash_output ) ); mbedtls_md_free( &md_ctx ); diff --git a/library/pkparse.c b/library/pkparse.c index 093ef5817..ccb7f5409 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -30,7 +30,7 @@ #include "mbedtls/pk.h" #include "mbedtls/asn1.h" #include "mbedtls/oid.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -98,7 +98,7 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) { fclose( f ); - mbedtls_zeroize( *buf, *n ); + mbedtls_platform_zeroize( *buf, *n ); mbedtls_free( *buf ); return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); @@ -133,7 +133,7 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, ret = mbedtls_pk_parse_key( ctx, buf, n, (const unsigned char *) pwd, strlen( pwd ) ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); @@ -153,7 +153,7 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) ret = mbedtls_pk_parse_public_key( ctx, buf, n ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); @@ -1288,7 +1288,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen, pwd, pwdlen ); - mbedtls_zeroize( key_copy, keylen ); + mbedtls_platform_zeroize( key_copy, keylen ); mbedtls_free( key_copy ); } diff --git a/library/platform.c b/library/platform.c index a295f9b9a..9e992875d 100644 --- a/library/platform.c +++ b/library/platform.c @@ -28,14 +28,7 @@ #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" - -#if defined(MBEDTLS_ENTROPY_NV_SEED) && \ - !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} -#endif +#include "mbedtls/platform_util.h" #if defined(MBEDTLS_PLATFORM_MEMORY) #if !defined(MBEDTLS_PLATFORM_STD_CALLOC) @@ -241,7 +234,7 @@ int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len ) if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len ) { fclose( file ); - mbedtls_zeroize( buf, buf_len ); + mbedtls_platform_zeroize( buf, buf_len ); return( -1 ); } diff --git a/library/platform_util.c b/library/platform_util.c index 498e214ff..1a57de939 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -26,7 +26,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include #include diff --git a/library/ripemd160.c b/library/ripemd160.c index 6cf027f8d..bd25ada62 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_RIPEMD160_C) #include "mbedtls/ripemd160.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -82,7 +82,7 @@ void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) ); } void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, diff --git a/library/rsa.c b/library/rsa.c index 9e4a0f08f..0055223c8 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -48,7 +48,7 @@ #include "mbedtls/rsa.h" #include "mbedtls/rsa_internal.h" #include "mbedtls/oid.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -1038,7 +1038,7 @@ static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, } exit: - mbedtls_zeroize( mask, sizeof( mask ) ); + mbedtls_platform_zeroize( mask, sizeof( mask ) ); return( ret ); } @@ -1352,8 +1352,8 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, ret = 0; cleanup: - mbedtls_zeroize( buf, sizeof( buf ) ); - mbedtls_zeroize( lhash, sizeof( lhash ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( lhash, sizeof( lhash ) ); return( ret ); } @@ -1450,7 +1450,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, ret = 0; cleanup: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( ret ); } @@ -1581,7 +1581,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, p += hlen; *p++ = 0xBC; - mbedtls_zeroize( salt, sizeof( salt ) ); + mbedtls_platform_zeroize( salt, sizeof( salt ) ); exit: mbedtls_md_free( &md_ctx ); @@ -1723,7 +1723,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, * after the initial bounds check. */ if( p != dst + dst_len ) { - mbedtls_zeroize( dst, dst_len ); + mbedtls_platform_zeroize( dst, dst_len ); return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } @@ -2060,13 +2060,13 @@ cleanup: if( encoded != NULL ) { - mbedtls_zeroize( encoded, sig_len ); + mbedtls_platform_zeroize( encoded, sig_len ); mbedtls_free( encoded ); } if( encoded_expected != NULL ) { - mbedtls_zeroize( encoded_expected, sig_len ); + mbedtls_platform_zeroize( encoded_expected, sig_len ); mbedtls_free( encoded_expected ); } diff --git a/library/sha1.c b/library/sha1.c index a7577b4ef..1587de480 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_SHA1_C) #include "mbedtls/sha1.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -81,7 +81,7 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); } void mbedtls_sha1_clone( mbedtls_sha1_context *dst, diff --git a/library/sha256.c b/library/sha256.c index c92f2804c..695485d84 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_SHA256_C) #include "mbedtls/sha256.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -84,7 +84,7 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); } void mbedtls_sha256_clone( mbedtls_sha256_context *dst, diff --git a/library/sha512.c b/library/sha512.c index e8d1b69c6..6de94e99b 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_SHA512_C) #include "mbedtls/sha512.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #if defined(_MSC_VER) || defined(__WATCOMC__) #define UL64(x) x##ui64 @@ -98,7 +98,7 @@ void mbedtls_sha512_free( mbedtls_sha512_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); } void mbedtls_sha512_clone( mbedtls_sha512_context *dst, diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 8ab9886a5..f5fecb723 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -48,7 +48,7 @@ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #endif #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) @@ -3286,8 +3286,8 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) if( ticket_len == 0 ) return( 0 ); - mbedtls_zeroize( ssl->session_negotiate->ticket, - ssl->session_negotiate->ticket_len ); + mbedtls_platform_zeroize( ssl->session_negotiate->ticket, + ssl->session_negotiate->ticket_len ); mbedtls_free( ssl->session_negotiate->ticket ); ssl->session_negotiate->ticket = NULL; ssl->session_negotiate->ticket_len = 0; diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index ec0814a2e..56e9bdd2b 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -40,7 +40,7 @@ #include "mbedtls/ssl_cookie.h" #include "mbedtls/ssl_internal.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -97,7 +97,7 @@ void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ) mbedtls_mutex_free( &ctx->mutex ); #endif - mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) ); } int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, @@ -118,7 +118,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, if( ret != 0 ) return( ret ); - mbedtls_zeroize( key, sizeof( key ) ); + mbedtls_platform_zeroize( key, sizeof( key ) ); return( 0 ); } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index b4934a3a6..313938ee8 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -50,7 +50,7 @@ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) @@ -550,7 +550,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) ); /* Zeroize instead of free as we copied the content */ - mbedtls_zeroize( &session, sizeof( mbedtls_ssl_session ) ); + mbedtls_platform_zeroize( &session, sizeof( mbedtls_ssl_session ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from ticket" ) ); diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 9e2276d2e..a2b304869 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -36,7 +36,7 @@ #endif #include "mbedtls/ssl_ticket.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -79,7 +79,7 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx, mbedtls_cipher_get_key_bitlen( &key->ctx ), MBEDTLS_ENCRYPT ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( ret ); } @@ -479,7 +479,7 @@ void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx ) mbedtls_mutex_free( &ctx->mutex ); #endif - mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) ); } #endif /* MBEDTLS_SSL_TICKET_C */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 84f9c77ac..f24980049 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -46,7 +46,7 @@ #include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -265,8 +265,8 @@ exit: mbedtls_md5_free( &md5 ); mbedtls_sha1_free( &sha1 ); - mbedtls_zeroize( padding, sizeof( padding ) ); - mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); + mbedtls_platform_zeroize( padding, sizeof( padding ) ); + mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) ); return( ret ); } @@ -363,8 +363,8 @@ static int tls1_prf( const unsigned char *secret, size_t slen, mbedtls_md_free( &md_ctx ); - mbedtls_zeroize( tmp, sizeof( tmp ) ); - mbedtls_zeroize( h_i, sizeof( h_i ) ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); return( 0 ); } @@ -428,8 +428,8 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, mbedtls_md_free( &md_ctx ); - mbedtls_zeroize( tmp, sizeof( tmp ) ); - mbedtls_zeroize( h_i, sizeof( h_i ) ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); return( 0 ); } @@ -638,7 +638,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) return( ret ); } - mbedtls_zeroize( handshake->premaster, sizeof(handshake->premaster) ); + mbedtls_platform_zeroize( handshake->premaster, + sizeof(handshake->premaster) ); } else MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); @@ -649,7 +650,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) memcpy( tmp, handshake->randbytes, 64 ); memcpy( handshake->randbytes, tmp + 32, 32 ); memcpy( handshake->randbytes + 32, tmp, 32 ); - mbedtls_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); /* * SSLv3: @@ -677,7 +678,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 ); MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); - mbedtls_zeroize( handshake->randbytes, sizeof( handshake->randbytes ) ); + mbedtls_platform_zeroize( handshake->randbytes, + sizeof( handshake->randbytes ) ); /* * Determine the appropriate key, IV and MAC length. @@ -944,7 +946,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_CIPHER_MODE_CBC */ - mbedtls_zeroize( keyblk, sizeof( keyblk ) ); + mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) ); #if defined(MBEDTLS_ZLIB_SUPPORT) // Initialize compression @@ -5023,9 +5025,9 @@ static void ssl_calc_finished_ssl( mbedtls_md5_free( &md5 ); mbedtls_sha1_free( &sha1 ); - mbedtls_zeroize( padbuf, sizeof( padbuf ) ); - mbedtls_zeroize( md5sum, sizeof( md5sum ) ); - mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); + mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize( md5sum, sizeof( md5sum ) ); + mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } @@ -5084,7 +5086,7 @@ static void ssl_calc_finished_tls( mbedtls_md5_free( &md5 ); mbedtls_sha1_free( &sha1 ); - mbedtls_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } @@ -5134,7 +5136,7 @@ static void ssl_calc_finished_tls_sha256( mbedtls_sha256_free( &sha256 ); - mbedtls_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } @@ -5183,7 +5185,7 @@ static void ssl_calc_finished_tls_sha384( mbedtls_sha512_free( &sha512 ); - mbedtls_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } @@ -6102,7 +6104,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, if( conf->psk != NULL ) { - mbedtls_zeroize( conf->psk, conf->psk_len ); + mbedtls_platform_zeroize( conf->psk, conf->psk_len ); mbedtls_free( conf->psk ); conf->psk = NULL; @@ -6145,7 +6147,8 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, if( ssl->handshake->psk != NULL ) { - mbedtls_zeroize( ssl->handshake->psk, ssl->handshake->psk_len ); + mbedtls_platform_zeroize( ssl->handshake->psk, + ssl->handshake->psk_len ); mbedtls_free( ssl->handshake->psk ); ssl->handshake->psk_len = 0; } @@ -6275,7 +6278,7 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) if( ssl->hostname != NULL ) { - mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); + mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) ); mbedtls_free( ssl->hostname ); } @@ -7388,7 +7391,7 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) mbedtls_md_free( &transform->md_ctx_enc ); mbedtls_md_free( &transform->md_ctx_dec ); - mbedtls_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); + mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); } #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -7448,7 +7451,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) if( handshake->psk != NULL ) { - mbedtls_zeroize( handshake->psk, handshake->psk_len ); + mbedtls_platform_zeroize( handshake->psk, handshake->psk_len ); mbedtls_free( handshake->psk ); } #endif @@ -7478,7 +7481,8 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ) ssl_flight_free( handshake->flight ); #endif - mbedtls_zeroize( handshake, sizeof( mbedtls_ssl_handshake_params ) ); + mbedtls_platform_zeroize( handshake, + sizeof( mbedtls_ssl_handshake_params ) ); } void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) @@ -7498,7 +7502,7 @@ void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) mbedtls_free( session->ticket ); #endif - mbedtls_zeroize( session, sizeof( mbedtls_ssl_session ) ); + mbedtls_platform_zeroize( session, sizeof( mbedtls_ssl_session ) ); } /* @@ -7513,20 +7517,20 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) if( ssl->out_buf != NULL ) { - mbedtls_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN ); + mbedtls_platform_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN ); mbedtls_free( ssl->out_buf ); } if( ssl->in_buf != NULL ) { - mbedtls_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN ); + mbedtls_platform_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN ); mbedtls_free( ssl->in_buf ); } #if defined(MBEDTLS_ZLIB_SUPPORT) if( ssl->compress_buf != NULL ) { - mbedtls_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN ); + mbedtls_platform_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN ); mbedtls_free( ssl->compress_buf ); } #endif @@ -7557,7 +7561,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_X509_CRT_PARSE_C) if( ssl->hostname != NULL ) { - mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); + mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) ); mbedtls_free( ssl->hostname ); } #endif @@ -7577,7 +7581,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) ); /* Actually clear after last debug message */ - mbedtls_zeroize( ssl, sizeof( mbedtls_ssl_context ) ); + mbedtls_platform_zeroize( ssl, sizeof( mbedtls_ssl_context ) ); } /* @@ -7804,7 +7808,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) if( conf->psk != NULL ) { - mbedtls_zeroize( conf->psk, conf->psk_len ); + mbedtls_platform_zeroize( conf->psk, conf->psk_len ); mbedtls_free( conf->psk ); conf->psk = NULL; conf->psk_len = 0; @@ -7812,7 +7816,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) if( conf->psk_identity != NULL ) { - mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len ); + mbedtls_platform_zeroize( conf->psk_identity, conf->psk_identity_len ); mbedtls_free( conf->psk_identity ); conf->psk_identity = NULL; conf->psk_identity_len = 0; @@ -7823,7 +7827,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) ssl_key_cert_free( conf->key_cert ); #endif - mbedtls_zeroize( conf, sizeof( mbedtls_ssl_config ) ); + mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) ); } #if defined(MBEDTLS_PK_C) && \ diff --git a/library/x509_crl.c b/library/x509_crl.c index 09c7ac318..8450f87e0 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -39,7 +39,7 @@ #include "mbedtls/x509_crl.h" #include "mbedtls/oid.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -612,7 +612,7 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ) ret = mbedtls_x509_crl_parse( chain, buf, n ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); @@ -733,7 +733,7 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); + mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); mbedtls_free( name_prv ); } @@ -742,13 +742,14 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ) { entry_prv = entry_cur; entry_cur = entry_cur->next; - mbedtls_zeroize( entry_prv, sizeof( mbedtls_x509_crl_entry ) ); + mbedtls_platform_zeroize( entry_prv, + sizeof( mbedtls_x509_crl_entry ) ); mbedtls_free( entry_prv ); } if( crl_cur->raw.p != NULL ) { - mbedtls_zeroize( crl_cur->raw.p, crl_cur->raw.len ); + mbedtls_platform_zeroize( crl_cur->raw.p, crl_cur->raw.len ); mbedtls_free( crl_cur->raw.p ); } @@ -762,7 +763,7 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ) crl_prv = crl_cur; crl_cur = crl_cur->next; - mbedtls_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) ); + mbedtls_platform_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) ); if( crl_prv != crl ) mbedtls_free( crl_prv ); } diff --git a/library/x509_crt.c b/library/x509_crt.c index c9969a80d..462cbcf12 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -41,7 +41,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/oid.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include #include @@ -1111,7 +1111,7 @@ int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ) ret = mbedtls_x509_crt_parse( chain, buf, n ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); @@ -2422,7 +2422,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); + mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); mbedtls_free( name_prv ); } @@ -2431,7 +2431,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); + mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); mbedtls_free( name_prv ); } @@ -2440,7 +2440,8 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) { seq_prv = seq_cur; seq_cur = seq_cur->next; - mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) ); + mbedtls_platform_zeroize( seq_prv, + sizeof( mbedtls_x509_sequence ) ); mbedtls_free( seq_prv ); } @@ -2449,13 +2450,14 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) { seq_prv = seq_cur; seq_cur = seq_cur->next; - mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) ); + mbedtls_platform_zeroize( seq_prv, + sizeof( mbedtls_x509_sequence ) ); mbedtls_free( seq_prv ); } if( cert_cur->raw.p != NULL ) { - mbedtls_zeroize( cert_cur->raw.p, cert_cur->raw.len ); + mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len ); mbedtls_free( cert_cur->raw.p ); } @@ -2469,7 +2471,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) cert_prv = cert_cur; cert_cur = cert_cur->next; - mbedtls_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) ); + mbedtls_platform_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) ); if( cert_prv != crt ) mbedtls_free( cert_prv ); } diff --git a/library/x509_csr.c b/library/x509_csr.c index 8a74db85f..3e8e8fbc6 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -39,7 +39,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/oid.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -321,7 +321,7 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ) ret = mbedtls_x509_csr_parse( csr, buf, n ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); @@ -403,17 +403,17 @@ void mbedtls_x509_csr_free( mbedtls_x509_csr *csr ) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); + mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); mbedtls_free( name_prv ); } if( csr->raw.p != NULL ) { - mbedtls_zeroize( csr->raw.p, csr->raw.len ); + mbedtls_platform_zeroize( csr->raw.p, csr->raw.len ); mbedtls_free( csr->raw.p ); } - mbedtls_zeroize( csr, sizeof( mbedtls_x509_csr ) ); + mbedtls_platform_zeroize( csr, sizeof( mbedtls_x509_csr ) ); } #endif /* MBEDTLS_X509_CSR_PARSE_C */ diff --git a/library/x509write_crt.c b/library/x509write_crt.c index dee77b841..b1ef216c9 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -37,7 +37,7 @@ #include "mbedtls/oid.h" #include "mbedtls/asn1write.h" #include "mbedtls/sha1.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -61,7 +61,7 @@ void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ) mbedtls_asn1_free_named_data_list( &ctx->issuer ); mbedtls_asn1_free_named_data_list( &ctx->extensions ); - mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_cert ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_cert ) ); } void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version ) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 482e65eb7..66cee5601 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -35,7 +35,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/oid.h" #include "mbedtls/asn1write.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include #include @@ -54,7 +54,7 @@ void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ) mbedtls_asn1_free_named_data_list( &ctx->subject ); mbedtls_asn1_free_named_data_list( &ctx->extensions ); - mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_csr ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_csr ) ); } void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg ) diff --git a/library/xtea.c b/library/xtea.c index 65b416545..a33707bc1 100644 --- a/library/xtea.c +++ b/library/xtea.c @@ -28,7 +28,7 @@ #if defined(MBEDTLS_XTEA_C) #include "mbedtls/xtea.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -76,7 +76,7 @@ void mbedtls_xtea_free( mbedtls_xtea_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_xtea_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_xtea_context ) ); } /* From 82934be1443d5fafff1bd9f8aa9c938dad8e825c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 10:02:17 -0500 Subject: [PATCH 26/38] Do not install zeroize program in CMakeLists --- programs/test/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 1e87fca31..0c5ce27f7 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -25,6 +25,6 @@ target_link_libraries(udp_proxy ${libs}) add_executable(zeroize zeroize.c) target_link_libraries(zeroize ${libs}) -install(TARGETS selftest benchmark ssl_cert_test udp_proxy zeroize +install(TARGETS selftest benchmark ssl_cert_test udp_proxy DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) From 9644983ae4d6080a604ceb25ec794dba6d850668 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 10:03:44 -0500 Subject: [PATCH 27/38] Add platform_utils and zeroize to visualc files --- visualc/VS2010/mbedTLS.sln | 13 +++ visualc/VS2010/mbedTLS.vcxproj | 2 + visualc/VS2010/zeroize.vcxproj | 174 +++++++++++++++++++++++++++++++++ 3 files changed, 189 insertions(+) create mode 100644 visualc/VS2010/zeroize.vcxproj diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln index 686091c7f..66b96c3a3 100644 --- a/visualc/VS2010/mbedTLS.sln +++ b/visualc/VS2010/mbedTLS.sln @@ -203,6 +203,11 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "udp_proxy", "udp_proxy.vcxp {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zeroize", "zeroize.vcxproj", "{10C01E94-4926-063E-9F56-C84ED190D349}" + ProjectSection(ProjectDependencies) = postProject + {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} + EndProjectSection +EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pem2der", "pem2der.vcxproj", "{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} @@ -574,6 +579,14 @@ Global {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Release|Win32.Build.0 = Release|Win32 {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Release|x64.ActiveCfg = Release|x64 {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Release|x64.Build.0 = Release|x64 + {10C01E94-4926-063E-9F56-C84ED190D349}.Debug|Win32.ActiveCfg = Debug|Win32 + {10C01E94-4926-063E-9F56-C84ED190D349}.Debug|Win32.Build.0 = Debug|Win32 + {10C01E94-4926-063E-9F56-C84ED190D349}.Debug|x64.ActiveCfg = Debug|x64 + {10C01E94-4926-063E-9F56-C84ED190D349}.Debug|x64.Build.0 = Debug|x64 + {10C01E94-4926-063E-9F56-C84ED190D349}.Release|Win32.ActiveCfg = Release|Win32 + {10C01E94-4926-063E-9F56-C84ED190D349}.Release|Win32.Build.0 = Release|Win32 + {10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.ActiveCfg = Release|x64 + {10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.Build.0 = Release|x64 {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.ActiveCfg = Debug|Win32 {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.Build.0 = Debug|Win32 {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|x64.ActiveCfg = Debug|x64 diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index f13f83cc1..802cce719 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -197,6 +197,7 @@ + @@ -266,6 +267,7 @@ + diff --git a/visualc/VS2010/zeroize.vcxproj b/visualc/VS2010/zeroize.vcxproj new file mode 100644 index 000000000..9d311c721 --- /dev/null +++ b/visualc/VS2010/zeroize.vcxproj @@ -0,0 +1,174 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + + + + + {46cf2d25-6a36-4189-b59c-e4815388e554} + true + + + + {10C01E94-4926-063E-9F56-C84ED190D349} + Win32Proj + zeroize + + + + Application + true + Unicode + + + Application + true + Unicode + + + Application + false + true + Unicode + + + Application + false + true + Unicode + Windows7.1SDK + + + + + + + + + + + + + + + + + + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + + + + Level3 + Disabled + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + ../../include + + + Console + true + NotSet + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + Debug + + + false + + + + + + + Level3 + Disabled + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + ../../include + + + Console + true + NotSet + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + Debug + + + false + + + + + Level3 + + + MaxSpeed + true + true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + ../../include + + + Console + true + true + true + Release + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + + + + + Level3 + + + MaxSpeed + true + true + WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + ../../include + + + Console + true + true + true + Release + %(AdditionalDependencies); + + + + + + From eecea0e281b2300a1e6f84241bddae4408ecd02d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 10:14:53 -0500 Subject: [PATCH 28/38] Update zeroize test to use mbedtls_platform_zeroize() --- programs/test/zeroize.c | 13 +++++++------ tests/scripts/test_zeroize.gdb | 30 +++++++++++++++--------------- 2 files changed, 22 insertions(+), 21 deletions(-) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index 9f7742554..252438bcf 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -2,13 +2,14 @@ * Zeroize application for debugger-driven testing * * This is a simple test application used for debugger-driven testing to check - * whether calls to mbedtls_zeroize() are being eliminated by compiler + * whether calls to mbedtls_platform_zeroize() are being eliminated by compiler * optimizations. This application is used by the GDB script at - * tests/scripts/test_zeroize.gdb under the assumption that line numbers do not + * tests/scripts/test_zeroize.gdb under the assumption that the code does not * change often (as opposed to the library code) because the script sets a * breakpoint at the last return statement in the main() function of this * program. The debugger facilities are then used to manually inspect the - * memory and verify that the call to mbedtls_zeroize() was not eliminated. + * memory and verify that the call to mbedtls_platform_zeroize() was not + * eliminated. * * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 @@ -45,14 +46,14 @@ #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #define BUFFER_LEN 1024 void usage( void ) { mbedtls_printf( "Zeroize is a simple program to assist with testing\n" ); - mbedtls_printf( "the mbedtls_zeroize() function by using the\n" ); + mbedtls_printf( "the mbedtls_platform_zeroize() function by using the\n" ); mbedtls_printf( "debugger. This program takes a file as input and\n" ); mbedtls_printf( "prints the first %d characters. Usage:\n\n", BUFFER_LEN ); mbedtls_printf( " zeroize \n" ); @@ -94,7 +95,7 @@ int main( int argc, char** argv ) mbedtls_printf( "The file is empty!\n" ); fclose( fp ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( exit_code ); } diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 574379b04..11ea37f97 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -6,29 +6,29 @@ # # Purpose # -# Run a test using the debugger to check that the mbedtls_zeroize() function in -# utils.h is not being optimized out by the compiler. To do so, the script -# loads the test program at programs/test/zeroize.c and sets a breakpoint at -# the last return statement in the main(). When the breakpoint is hit, the -# debugger manually checks the contents to be zeroized and checks that it is -# actually cleared. +# Run a test using the debugger to check that the mbedtls_platform_zeroize() +# function in platform_util.h is not being optimized out by the compiler. To do +# so, the script loads the test program at programs/test/zeroize.c and sets a +# breakpoint at the last return statement in main(). When the breakpoint is +# hit, the debugger manually checks the contents to be zeroized and checks that +# it is actually cleared. # -# The mbedtls_zeroize() test is debugger driven because there does not seem to -# be a mechanism to reliably check whether the zeroize calls are being +# The mbedtls_platform_zeroize() test is debugger driven because there does not +# seem to be a mechanism to reliably check whether the zeroize calls are being # eliminated by compiler optimizations from within the compiled program. The # problem is that a compiler would typically remove what it considers to be # "unecessary" assignments as part of redundant code elimination. To identify # such code, the compilar will create some form dependency graph between # reads and writes to variables (among other situations). It will then use this # data structure to remove redundant code that does not have an impact on the -# program's observable behavior. In the case of mbedtls_zeroize(), an +# program's observable behavior. In the case of mbedtls_platform_zeroize(), an # intelligent compiler could determine that this function clears a block of # memory that is not accessed later in the program, so removing the call to -# mbedtls_zeroize() does not have an observable behavior. However, inserting a -# test after a call to mbedtls_zeroize() to check whether the block of -# memory was correctly zeroed would force the compiler to not eliminate the -# mbedtls_zeroize() call. If this does not occur, then the compiler potentially -# has a bug. +# mbedtls_platform_zeroize() does not have an observable behavior. However, +# inserting a test after a call to mbedtls_zeroize() to check whether the block +# of memory was correctly zeroed would force the compiler to not eliminate the +# mbedtls_platform_zeroize() call. If this does not occur, then the compiler +# potentially has a bug. # # Note: This test requires that the test program is compiled with -g3. # @@ -42,7 +42,7 @@ set confirm off file ./programs/test/zeroize -break zeroize.c:99 +break zeroize.c:100 set args ./programs/test/zeroize.c run From 3ea559ea6c93c232598e94424d2bf1913582ae1d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 10:17:22 -0500 Subject: [PATCH 29/38] Fix alignment in makefile --- library/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/Makefile b/library/Makefile index fd4544aa4..0ce2a224e 100644 --- a/library/Makefile +++ b/library/Makefile @@ -65,7 +65,7 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ ripemd160.o rsa_internal.o rsa.o \ sha1.o sha256.o sha512.o \ threading.o timing.o version.o \ - version_features.o xtea.o \ + version_features.o xtea.o \ platform_util.o OBJS_X509= certs.o pkcs11.o x509.o \ From c58787f5074d38dde47834e2e29249c4e7923a69 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 10:21:45 -0500 Subject: [PATCH 30/38] Update docs for MBEDTLS_PLATFORM_ZEROIZE_ALT in config.h --- include/mbedtls/config.h | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 69754cf67..85d3f8ef1 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2853,25 +2853,26 @@ #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE /** - * \def MBEDTLS_UTILS_ZEROIZE_ALT + * \def MBEDTLS_PLATFORM_ZEROIZE_ALT * * Uncomment the macro to let mbed TLS use your alternate implementation of - * mbedtls_zeroize(). This replaces the default implementation in utils.c. + * mbedtls_platform_zeroize(). This replaces the default implementation in + * platform_util.c. * - * mbedtls_zeroize() is a widely used function across the library to zero a - * block of memory. The implementation is expected to be secure in the sense - * that it has been written to prevent the compiler from removing calls to - * mbedtls_zeroize() as part of redundant code elimination optimizations. - * However, it is difficult to guarantee that calls to mbedtls_zeroize() will - * not be optimized by the compiler as older versions of the C language - * standards do not provide a secure implementation of memset(). Therefore, - * MBEDTLS_UTILS_ZEROIZE_ALT enables users to configure their own - * implementation of mbedtls_zeroize(), for example by using directives - * specific to their compiler, features from the C standard (e.g using - * memset_s() in C11) or calling a secure memset() from their system (e.g - * explicit_bzero() in BSD). + * mbedtls_platform_zeroize() is a widely used function across the library to + * zero a block of memory. The implementation is expected to be secure in the + * sense that it has been written to prevent the compiler from removing calls + * to mbedtls_platform_zeroize() as part of redundant code elimination + * optimizations. However, it is difficult to guarantee that calls to + * mbedtls_platform_zeroize() will not be optimized by the compiler as older + * versions of the C language standards do not provide a secure implementation + * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to + * configure their own implementation of mbedtls_platform_zeroize(), for + * example by using directives specific to their compiler, features from the C + * standard (e.g using memset_s() in C11) or calling a secure memset() from + * their system (e.g explicit_bzero() in BSD). */ -//#define MBEDTLS_UTILS_ZEROIZE_ALT +//#define MBEDTLS_PLATFORM_ZEROIZE_ALT /* \} name SECTION: Customisation configuration options */ From 14a8b59d7b9dea1d91c88ee27b8ddde7a8f29de9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 16:56:12 +0100 Subject: [PATCH 31/38] Fix doxygen error for MBEDTLS_PLATFORM_ZEROIZE_ALT --- include/mbedtls/config.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 85d3f8ef1..67ad4b268 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2853,8 +2853,6 @@ #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE /** - * \def MBEDTLS_PLATFORM_ZEROIZE_ALT - * * Uncomment the macro to let mbed TLS use your alternate implementation of * mbedtls_platform_zeroize(). This replaces the default implementation in * platform_util.c. From 21b376b56c64c7aadc13a4fc851cb3a298113246 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:28:26 -0500 Subject: [PATCH 32/38] Organize output objs in alfabetical order in Makefile --- library/Makefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/Makefile b/library/Makefile index 0ce2a224e..c6ec15351 100644 --- a/library/Makefile +++ b/library/Makefile @@ -62,11 +62,11 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ padlock.o pem.o pk.o \ pk_wrap.o pkcs12.o pkcs5.o \ pkparse.o pkwrite.o platform.o \ - ripemd160.o rsa_internal.o rsa.o \ - sha1.o sha256.o sha512.o \ - threading.o timing.o version.o \ - version_features.o xtea.o \ - platform_util.o + platform_util.o ripemd160.o rsa_internal.o \ + rsa.o sha1.o sha256.o \ + sha512.o threading.o timing.o \ + version.o version_features.o \ + xtea.o OBJS_X509= certs.o pkcs11.o x509.o \ x509_create.o x509_crl.o x509_crt.o \ From bc7bdbf5c89768812fe4e5f0f62979488741bd04 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:29:20 -0500 Subject: [PATCH 33/38] Organize CMakeLists targets in alphabetical order --- library/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 648b151a0..e52573117 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -46,6 +46,7 @@ set(src_crypto pkparse.c pkwrite.c platform.c + platform_util.c ripemd160.c rsa.c rsa_internal.c @@ -57,7 +58,6 @@ set(src_crypto version.c version_features.c xtea.c - platform_util.c ) set(src_x509 From d0ef468d390f7847cb22dbc0297051dfb948eb97 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:31:34 -0500 Subject: [PATCH 34/38] Reword config.h docs for MBEDTLS_PLATFORM_ZEROIZE_ALT --- include/mbedtls/config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 67ad4b268..7c9acb230 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2866,8 +2866,8 @@ * versions of the C language standards do not provide a secure implementation * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to * configure their own implementation of mbedtls_platform_zeroize(), for - * example by using directives specific to their compiler, features from the C - * standard (e.g using memset_s() in C11) or calling a secure memset() from + * example by using directives specific to their compiler, features from newer + * C standards (e.g using memset_s() in C11) or calling a secure memset() from * their system (e.g explicit_bzero() in BSD). */ //#define MBEDTLS_PLATFORM_ZEROIZE_ALT From 708c5cb6ab2602767e40e6f7f7164c42b401f04b Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:33:31 -0500 Subject: [PATCH 35/38] mbedtls_zeroize -> mbedtls_platform_zeroize in docs --- tests/scripts/all.sh | 2 +- tests/scripts/test_zeroize.gdb | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 53f2a93de..de0bbcc42 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -909,7 +909,7 @@ rm -rf "$OUT_OF_SOURCE_DIR" for optimization_flag in -O2 -O3 -Ofast -Os; do for compiler in clang gcc; do - msg "test: $compiler $optimization_flag, mbedtls_zeroize()" + msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" cleanup CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" make programs gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 11ea37f97..617ab5544 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -25,10 +25,10 @@ # intelligent compiler could determine that this function clears a block of # memory that is not accessed later in the program, so removing the call to # mbedtls_platform_zeroize() does not have an observable behavior. However, -# inserting a test after a call to mbedtls_zeroize() to check whether the block -# of memory was correctly zeroed would force the compiler to not eliminate the -# mbedtls_platform_zeroize() call. If this does not occur, then the compiler -# potentially has a bug. +# inserting a test after a call to mbedtls_platform_zeroize() to check whether +# the block of memory was correctly zeroed would force the compiler to not +# eliminate the mbedtls_platform_zeroize() call. If this does not occur, then +# the compiler potentially has a bug. # # Note: This test requires that the test program is compiled with -g3. # From 56e06db1023255d19578cc4108ecf3b78053ccd7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:37:52 -0500 Subject: [PATCH 36/38] Improve mbedtls_platform_zeroize() docs --- include/mbedtls/platform_util.h | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index bda97102c..84f0732ee 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -34,19 +34,24 @@ extern "C" { /** * \brief Securely zeroize a buffer * - * \param buf Buffer to be zeroized - * \param len Length of the buffer in bytes + * The function is meant to wipe the data contained in a buffer so + * that it can no longer be recovered even if the program memory + * is later compromised. Call this function on sensitive data + * stored on the stack before returning from a function, and on + * sensitive data stored on the heap before freeing the heap + * object. * - * \note This implementation should never be optimized out by the - * compiler - * - * \note It is extremely difficult to guarantee that calls to + * It is extremely difficult to guarantee that calls to * mbedtls_platform_zeroize() are not removed by aggressive * compiler optimizations in a portable way. For this reason, Mbed * TLS provides the configuration option * MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure * mbedtls_platform_zeroize() to use a suitable implementation for * their platform and needs + * + * \param buf Buffer to be zeroized + * \param len Length of the buffer in bytes + * */ void mbedtls_platform_zeroize( void *buf, size_t len ); From 6698d2fc5ca1feb5e6fceae4e9995de0843d3cb4 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:39:07 -0500 Subject: [PATCH 37/38] Fix style for mbedtls_mpi_zeroize() --- library/bignum.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index fb748d8a1..02d93edcf 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -73,7 +73,8 @@ #define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) /* Implementation that should never be optimized out by the compiler */ -static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) { +static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) +{ mbedtls_platform_zeroize( v, ciL * n ); } From 8491406803465667c4ee5d29b0ebd58bcd91cc87 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:40:46 -0500 Subject: [PATCH 38/38] Remove preprocessor directives around platform_util.h include --- library/ssl_srv.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 313938ee8..09b7a3fed 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -38,6 +38,7 @@ #include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" +#include "mbedtls/platform_util.h" #include @@ -49,10 +50,6 @@ #include "mbedtls/platform_time.h" #endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#include "mbedtls/platform_util.h" -#endif - #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, const unsigned char *info,