Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2025-12-21 21:36:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Introduce polarssl_zeroize() instead of memset() for zeroization

Browse source
This commit is contained in:
Paul Bakker 2014-06-13 17:20:13 +02:00
parent bbcb1ce703
commit 3461772559
36 changed files with 325 additions and 129 deletions
Download patch file Download diff file Expand all files Collapse all files

9
library/gcm.c
View file

@ -76,6 +76,11 @@
}
#endif
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/*
* Precompute small multiples of H, that is set
* HH[i] || HL[i] = H times i,
@ -464,7 +469,7 @@ int gcm_auth_decrypt( gcm_context *ctx,
if( diff != 0 )
{
memset( output, 0, length );
polarssl_zeroize( output, length );
return( POLARSSL_ERR_GCM_AUTH_FAILED );
}
@ -474,7 +479,7 @@ int gcm_auth_decrypt( gcm_context *ctx,
void gcm_free( gcm_context *ctx )
{
(void) cipher_free_ctx( &ctx->cipher_ctx );
memset( ctx, 0, sizeof( gcm_context ) );
polarssl_zeroize( ctx, sizeof( gcm_context ) );
}
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)