Introduce polarssl_zeroize() instead of memset() for zeroization
diff --git a/library/pem.c b/library/pem.c
index 3dd3b79..4e00b63 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -46,6 +46,11 @@
#include <stdlib.h>
+/* Implementation that should never be optimized out by the compiler */
+static void polarssl_zeroize( void *v, size_t n ) {
+ volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
#if defined(POLARSSL_PEM_PARSE_C)
void pem_init( pem_context *ctx )
{
@@ -99,8 +104,8 @@
{
memcpy( key, md5sum, keylen );
- memset( &md5_ctx, 0, sizeof( md5_ctx ) );
- memset( md5sum, 0, 16 );
+ polarssl_zeroize( &md5_ctx, sizeof( md5_ctx ) );
+ polarssl_zeroize( md5sum, 16 );
return;
}
@@ -121,8 +126,8 @@
memcpy( key + 16, md5sum, use_len );
- memset( &md5_ctx, 0, sizeof( md5_ctx ) );
- memset( md5sum, 0, 16 );
+ polarssl_zeroize( &md5_ctx, sizeof( md5_ctx ) );
+ polarssl_zeroize( md5sum, 16 );
}
#if defined(POLARSSL_DES_C)
@@ -142,8 +147,8 @@
des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen,
des_iv, buf, buf );
- memset( &des_ctx, 0, sizeof( des_ctx ) );
- memset( des_key, 0, 8 );
+ polarssl_zeroize( &des_ctx, sizeof( des_ctx ) );
+ polarssl_zeroize( des_key, 8 );
}
/*
@@ -162,8 +167,8 @@
des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen,
des3_iv, buf, buf );
- memset( &des3_ctx, 0, sizeof( des3_ctx ) );
- memset( des3_key, 0, 24 );
+ polarssl_zeroize( &des3_ctx, sizeof( des3_ctx ) );
+ polarssl_zeroize( des3_key, 24 );
}
#endif /* POLARSSL_DES_C */
@@ -184,8 +189,8 @@
aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen,
aes_iv, buf, buf );
- memset( &aes_ctx, 0, sizeof( aes_ctx ) );
- memset( aes_key, 0, keylen );
+ polarssl_zeroize( &aes_ctx, sizeof( aes_ctx ) );
+ polarssl_zeroize( aes_key, keylen );
}
#endif /* POLARSSL_AES_C */
@@ -373,7 +378,7 @@
polarssl_free( ctx->buf );
polarssl_free( ctx->info );
- memset( ctx, 0, sizeof( pem_context ) );
+ polarssl_zeroize( ctx, sizeof( pem_context ) );
}
#endif /* POLARSSL_PEM_PARSE_C */