TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 895454da016ffde7310080e51321ac982c4b76ea^! / .
commit895454da016ffde7310080e51321ac982c4b76ea[log] [tgz]
authorManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Fri Oct 04 10:23:31 2019 +0200
committerManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Tue Oct 22 10:03:07 2019 +0200
tree17235912aac64a4421055ab363684314a0270536
parentee0c35fbf5283b8b2706b0e460a797d3f388f964 [diff]
Use plain memset() for public data in ssl_tls.c

- out_ctr is public because it's transmited over the wire in DTLS (and in TLS
  it can be inferred by a passive network attacker just by counting records).
- handshake mask is not a secret because it can be inferred by a passive
  network attacker just logging record sequence number seen so far.

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e9102a7..46ef06b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -4712,7 +4712,7 @@
             mask[last_byte_idx] |= 1 << ( 8 - end_bits );
     }
 
-    mbedtls_platform_memset( mask + offset / 8, 0xFF, len / 8 );
+    memset( mask + offset / 8, 0xFF, len / 8 );
 }
 
 /*
@@ -7799,7 +7799,7 @@
         memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, 8 );
 
         /* Set sequence_number to zero */
-        mbedtls_platform_memset( ssl->cur_out_ctr + 2, 0, 6 );
+        memset( ssl->cur_out_ctr + 2, 0, 6 );
 
         /* Increment epoch */
         for( i = 2; i > 0; i-- )
@@ -8379,7 +8379,7 @@
         ssl->split_done = 0;
 #endif
 
-    mbedtls_platform_memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
+    memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
 
     ssl->transform_in = NULL;
     ssl->transform_out = NULL;