Skip to content

Commit f9e840e

Browse files
author
Cruz Monrreal
authored
Merge pull request #9218 from RonEld/use_platform_zeroize
Change to mbedtls_platform_zeroize()
2 parents f8375a4 + e0571c0 commit f9e840e

File tree

2 files changed

+17
-27
lines changed

2 files changed

+17
-27
lines changed

features/cryptocell/FEATURE_CRYPTOCELL310/ecdh_alt.c

Lines changed: 7 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -27,15 +27,10 @@
2727
#include "crys_ecpki_domain.h"
2828
#include "crys_ec_mont_api.h"
2929
#include "mbedtls/platform.h"
30+
#include "mbedtls/platform_util.h"
3031
#include "cc_internal.h"
3132

3233

33-
/* Implementation that should never be optimized out by the compiler */
34-
static void mbedtls_zeroize( void *v, size_t n ) {
35-
volatile unsigned char *p = (unsigned char*)v;
36-
while( n-- ) *p++ = 0;
37-
}
38-
3934
#if defined (MBEDTLS_ECDH_GEN_PUBLIC_ALT)
4035
int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
4136
int ( *f_rng )( void *, unsigned char *, size_t ),
@@ -84,12 +79,12 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
8479
4*((((grp->nbits+7)/8)+3)/4) ) );
8580
if( ret != 0 )
8681
{
87-
mbedtls_zeroize( temp_buf, sizeof( temp_buf ) );
82+
mbedtls_platform_zeroize( temp_buf, sizeof( temp_buf ) );
8883
goto cleanup;
8984
}
9085

9186
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary( d, temp_buf, (grp->nbits+7)/8 ) );
92-
mbedtls_zeroize( temp_buf, sizeof( temp_buf ) );
87+
mbedtls_platform_zeroize( temp_buf, sizeof( temp_buf ) );
9388
}
9489

9590
/* if CRYS_ECPKI_GetEcDomain returns NULL, then the given curve is either Montgomery 25519
@@ -124,7 +119,7 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
124119

125120
if ( pHeap )
126121
{
127-
mbedtls_zeroize( pHeap, heapSize );
122+
mbedtls_platform_zeroize( pHeap, heapSize );
128123
mbedtls_free( pHeap );
129124
}
130125

@@ -190,7 +185,7 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
190185
temp_buf,
191186
mbedtls_mpi_size( d ),
192187
&ecdhParams->privKey ) );
193-
mbedtls_zeroize( temp_buf, sizeof( temp_buf ) );
188+
mbedtls_platform_zeroize( temp_buf, sizeof( temp_buf ) );
194189
if ( ret != 0 )
195190
{
196191
goto cleanup;
@@ -241,13 +236,13 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
241236

242237
if ( pHeap )
243238
{
244-
mbedtls_zeroize( pHeap, heapSize );
239+
mbedtls_platform_zeroize( pHeap, heapSize );
245240
mbedtls_free ( pHeap );
246241
}
247242

248243
if ( secret )
249244
{
250-
mbedtls_zeroize( secret, secret_size_in_heap );
245+
mbedtls_platform_zeroize( secret, secret_size_in_heap );
251246
mbedtls_free ( secret );
252247
}
253248

features/cryptocell/FEATURE_CRYPTOCELL310/ecdsa_alt.c

Lines changed: 10 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -27,14 +27,9 @@
2727
#include "crys_ecpki_domain.h"
2828
#include "crys_ec_edw_api.h"
2929
#include "mbedtls/platform.h"
30+
#include "mbedtls/platform_util.h"
3031
#include "cc_internal.h"
3132

32-
/* Implementation that should never be optimized out by the compiler */
33-
static void mbedtls_zeroize( void *v, size_t n ) {
34-
volatile unsigned char *p = (unsigned char*)v;
35-
while( n-- ) *p++ = 0;
36-
}
37-
3833
static CRYS_ECPKI_HASH_OpMode_t message_size_to_hash_mode( size_t blen )
3934
{
4035
CRYS_ECPKI_HASH_OpMode_t hash_mode;
@@ -110,7 +105,7 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
110105
if( CrysRet != CRYS_OK )
111106
{
112107
ret = convert_CrysError_to_mbedtls_err( CrysRet );
113-
mbedtls_zeroize( temp_buf, sizeof(temp_buf) );
108+
mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) );
114109
goto cleanup;
115110
}
116111

@@ -123,7 +118,7 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
123118
blen,
124119
pSignature,
125120
&signature_size );
126-
mbedtls_zeroize( temp_buf, sizeof(temp_buf) );
121+
mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) );
127122
if( CrysRet != CRYS_OK )
128123
{
129124
ret = convert_CrysError_to_mbedtls_err( CrysRet );
@@ -145,13 +140,13 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
145140

146141
if ( pHeap )
147142
{
148-
mbedtls_zeroize( pHeap, heapSize );
143+
mbedtls_platform_zeroize( pHeap, heapSize );
149144
mbedtls_free( pHeap );
150145
}
151146

152147
if( pSignature )
153148
{
154-
mbedtls_zeroize( pSignature, signature_size_for_heap );
149+
mbedtls_platform_zeroize( pSignature, signature_size_for_heap );
155150
mbedtls_free( pSignature );
156151

157152
}
@@ -232,13 +227,13 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
232227

233228
if( pHeap )
234229
{
235-
mbedtls_zeroize( pHeap, heapSize );
230+
mbedtls_platform_zeroize( pHeap, heapSize );
236231
mbedtls_free( pHeap );
237232
}
238233

239234
if( pSignature )
240235
{
241-
mbedtls_zeroize( pSignature, signature_size );
236+
mbedtls_platform_zeroize( pSignature, signature_size );
242237
mbedtls_free( pSignature );
243238

244239
}
@@ -301,12 +296,12 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
301296
if ( CrysRet != CRYS_OK )
302297
{
303298
ret = convert_CrysError_to_mbedtls_err( CrysRet );
304-
mbedtls_zeroize( temp_buf, sizeof(temp_buf) );
299+
mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) );
305300
goto cleanup;
306301
}
307302

308303
ret = mbedtls_mpi_read_binary( &ctx->d, temp_buf, (ctx->grp.nbits+7)/8 );
309-
mbedtls_zeroize( temp_buf, sizeof(temp_buf) );
304+
mbedtls_platform_zeroize( temp_buf, sizeof(temp_buf) );
310305
if ( ret != 0 )
311306
{
312307
goto cleanup;
@@ -319,7 +314,7 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
319314
cleanup:
320315
if ( pHeap )
321316
{
322-
mbedtls_zeroize( pHeap, heapSize );
317+
mbedtls_platform_zeroize( pHeap, heapSize );
323318
mbedtls_free ( pHeap );
324319
}
325320
return ( ret );

0 commit comments

Comments
 (0)