aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlloyd <[email protected]>2010-09-07 23:40:31 +0000
committerlloyd <[email protected]>2010-09-07 23:40:31 +0000
commit197f7cd4f744ae8246832343dc514296632554b2 (patch)
tree63963dfab01e29ce32be4c1d43e62506d9f0246d
parent5f83d344e49a6d62cd8989d9fb8f8ca80ed48fc1 (diff)
Big, invasive but mostly automated change, with a further attempt at
harmonising MemoryRegion with std::vector: The MemoryRegion::clear() function would zeroise the buffer, but keep the memory allocated and the size unchanged. This is very different from STL's clear(), which is basically the equivalent to what is called destroy() in MemoryRegion. So to be able to replace MemoryRegion with a std::vector, we have to rename destroy() to clear() and we have to expose the current functionality of clear() in some other way, since vector doesn't support this operation. Do so by adding a global function named zeroise() which takes a MemoryRegion which is zeroed. Remove clear() to ensure all callers are updated.
-rw-r--r--doc/examples/row_encryptor.cpp2
-rw-r--r--src/alloc/secmem.h46
-rw-r--r--src/asn1/ber_dec.cpp6
-rw-r--r--src/block/aes/aes.cpp8
-rw-r--r--src/block/aes_intel/aes_intel.cpp12
-rw-r--r--src/block/aes_ssse3/aes_ssse3.h6
-rw-r--r--src/block/cast/cast128.h2
-rw-r--r--src/block/cast/cast256.h2
-rw-r--r--src/block/des/des.h4
-rw-r--r--src/block/des/desx.h2
-rw-r--r--src/block/gost_28147/gost_28147.h2
-rw-r--r--src/block/idea/idea.h2
-rw-r--r--src/block/kasumi/kasumi.h2
-rw-r--r--src/block/lion/lion.cpp4
-rw-r--r--src/block/lubyrack/lubyrack.cpp4
-rw-r--r--src/block/mars/mars.h2
-rw-r--r--src/block/misty1/misty1.h2
-rw-r--r--src/block/noekeon/noekeon.cpp4
-rw-r--r--src/block/rc2/rc2.h2
-rw-r--r--src/block/rc5/rc5.h2
-rw-r--r--src/block/rc6/rc6.h2
-rw-r--r--src/block/safer/safer_sk.h2
-rw-r--r--src/block/seed/seed.h2
-rw-r--r--src/block/serpent/serpent.h2
-rw-r--r--src/block/skipjack/skipjack.cpp2
-rw-r--r--src/block/square/square.cpp8
-rw-r--r--src/block/tea/tea.h2
-rw-r--r--src/block/twofish/twofish.cpp10
-rw-r--r--src/block/xtea/xtea.h2
-rw-r--r--src/cms/cms_enc.cpp2
-rw-r--r--src/constructs/aont/package.cpp4
-rw-r--r--src/filters/modes/cfb/cfb.cpp4
-rw-r--r--src/filters/modes/cts/cts.cpp4
-rw-r--r--src/hash/bmw/bmw_512.cpp4
-rw-r--r--src/hash/gost_3411/gost_3411.cpp4
-rw-r--r--src/hash/has160/has160.cpp2
-rw-r--r--src/hash/md2/md2.cpp6
-rw-r--r--src/hash/md4/md4.cpp2
-rw-r--r--src/hash/md5/md5.cpp2
-rw-r--r--src/hash/mdx_hash/mdx_hash.cpp4
-rw-r--r--src/hash/rmd128/rmd128.cpp2
-rw-r--r--src/hash/rmd160/rmd160.cpp2
-rw-r--r--src/hash/sha1/sha160.cpp2
-rw-r--r--src/hash/sha2/sha2_32.cpp4
-rw-r--r--src/hash/sha2/sha2_64.cpp4
-rw-r--r--src/hash/skein/skein_512.cpp6
-rw-r--r--src/hash/tiger/tiger.cpp2
-rw-r--r--src/hash/whirlpool/whrlpool.cpp4
-rw-r--r--src/mac/cbc_mac/cbc_mac.cpp4
-rw-r--r--src/mac/cmac/cmac.cpp12
-rw-r--r--src/mac/hmac/hmac.cpp4
-rw-r--r--src/mac/ssl3mac/ssl3_mac.cpp4
-rw-r--r--src/mac/x919_mac/x919_mac.cpp4
-rw-r--r--src/math/bigint/big_ops2.cpp6
-rw-r--r--src/math/bigint/bigint.cpp2
-rw-r--r--src/math/bigint/bigint.h2
-rw-r--r--src/math/numbertheory/point_gfp.cpp4
-rw-r--r--src/math/numbertheory/powm_mnt.cpp8
-rw-r--r--src/pk_pad/eme1/eme1.cpp2
-rw-r--r--src/pk_pad/emsa3/emsa3.cpp4
-rw-r--r--src/rng/hmac_rng/hmac_rng.cpp4
-rw-r--r--src/rng/randpool/randpool.cpp6
-rw-r--r--src/rng/x931_rng/x931_rng.cpp2
-rw-r--r--src/ssl/rec_read.cpp4
-rw-r--r--src/ssl/rec_wri.cpp2
-rw-r--r--src/stream/arc4/arc4.cpp4
-rw-r--r--src/stream/ctr/ctr.cpp6
-rw-r--r--src/stream/ofb/ofb.cpp4
-rw-r--r--src/stream/salsa20/salsa20.cpp4
-rw-r--r--src/stream/turing/turing.cpp10
-rw-r--r--src/stream/wid_wake/wid_wake.cpp8
-rw-r--r--src/sym_algo/symkey.cpp2
72 files changed, 166 insertions, 158 deletions
diff --git a/doc/examples/row_encryptor.cpp b/doc/examples/row_encryptor.cpp
index 8c1df66a0..685850945 100644
--- a/doc/examples/row_encryptor.cpp
+++ b/doc/examples/row_encryptor.cpp
@@ -162,7 +162,7 @@ int main()
Row_Encryptor test_pbkdf_salt_copy(secret_passphrase,
encryptor.get_pbkdf_salt());
- salt.clear(); // all-0
+ zeroise(salt);
std::string test = test_pbkdf_salt_copy.decrypt(encrypted_values[0], salt);
if(test != original_inputs[0])
std::cout << "PBKDF salt copy failed to decrypt properly\n";
diff --git a/src/alloc/secmem.h b/src/alloc/secmem.h
index aae1634d3..37930b963 100644
--- a/src/alloc/secmem.h
+++ b/src/alloc/secmem.h
@@ -126,21 +126,6 @@ class MemoryRegion
{ copy_mem(buf + off, in, (n > size() - off) ? (size() - off) : n); }
/**
- * Set the contents of this according to the argument. The size of
- * *this is increased if necessary.
- * @param in the array of objects of type T to copy the contents from
- * @param n the size of array in
- */
- void set(const T in[], u32bit n) { resize(n); copy(in, n); }
-
- /**
- * Set the contents of this according to the argument. The size of
- * *this is increased if necessary.
- * @param in the buffer to copy the contents from
- */
- void set(const MemoryRegion<T>& in) { set(in.begin(), in.size()); }
-
- /**
* Append data to the end of this buffer.
* @param data the array containing the data to append
* @param n the size of the array data
@@ -162,11 +147,6 @@ class MemoryRegion
{ append(other.begin(), other.size()); }
/**
- * Zeroise the bytes of this buffer. The length remains unchanged.
- */
- void clear() { clear_mem(buf, allocated); }
-
- /**
* Reset this buffer to an empty buffer with size zero.
*/
void destroy() { resize(0); }
@@ -206,6 +186,22 @@ class MemoryRegion
*/
void init(bool locking, u32bit length = 0)
{ alloc = Allocator::get(locking); resize(length); }
+
+ /**
+ * Set the contents of this according to the argument. The size of
+ * *this is increased if necessary.
+ * @param in the array of objects of type T to copy the contents from
+ * @param n the size of array in
+ */
+ void set(const T in[], u32bit n) { resize(n); copy(in, n); }
+
+ /**
+ * Set the contents of this according to the argument. The size of
+ * *this is increased if necessary.
+ * @param in the buffer to copy the contents from
+ */
+ void set(const MemoryRegion<T>& in) { set(in.begin(), in.size()); }
+
private:
T* allocate(u32bit n)
{
@@ -393,6 +389,16 @@ class SecureVector : public MemoryRegion<T>
{ init(true); set(in1); append(in2); }
};
+/**
+* Zeroise the values; length remains unchanged
+* @param vec the vector to zeroise
+*/
+template<typename T>
+void zeroise(MemoryRegion<T>& vec)
+ {
+ clear_mem(&vec[0], vec.size());
+ }
+
}
#endif
diff --git a/src/asn1/ber_dec.cpp b/src/asn1/ber_dec.cpp
index ea0334202..1c0d218ca 100644
--- a/src/asn1/ber_dec.cpp
+++ b/src/asn1/ber_dec.cpp
@@ -451,7 +451,9 @@ BER_Decoder& BER_Decoder::decode(MemoryRegion<byte>& buffer,
{
if(obj.value[0] >= 8)
throw BER_Decoding_Error("Bad number of unused bits in BIT STRING");
- buffer.set(obj.value + 1, obj.value.size() - 1);
+
+ buffer.resize(obj.value.size() - 1);
+ copy_mem(&buffer[0], &obj.value[1], obj.value.size() - 1);
}
return (*this);
}
@@ -467,7 +469,7 @@ BER_Decoder& BER_Decoder::decode_optional_string(MemoryRegion<byte>& out,
ASN1_Tag type_tag = static_cast<ASN1_Tag>(type_no);
- out.clear();
+ out.destroy();
push_back(obj);
if(obj.type_tag == type_tag && obj.class_tag == CONTEXT_SPECIFIC)
diff --git a/src/block/aes/aes.cpp b/src/block/aes/aes.cpp
index 8783f13a0..2485fc1a1 100644
--- a/src/block/aes/aes.cpp
+++ b/src/block/aes/aes.cpp
@@ -693,10 +693,10 @@ AES::AES(u32bit key_size) : BlockCipher(16, key_size)
*/
void AES::clear()
{
- EK.clear();
- DK.clear();
- ME.clear();
- MD.clear();
+ zeroise(EK);
+ zeroise(DK);
+ zeroise(ME);
+ zeroise(MD);
}
}
diff --git a/src/block/aes_intel/aes_intel.cpp b/src/block/aes_intel/aes_intel.cpp
index 211bb3b47..c52f3fcd3 100644
--- a/src/block/aes_intel/aes_intel.cpp
+++ b/src/block/aes_intel/aes_intel.cpp
@@ -306,8 +306,8 @@ void AES_128_Intel::key_schedule(const byte key[], u32bit)
*/
void AES_128_Intel::clear()
{
- EK.clear();
- DK.clear();
+ zeroise(EK);
+ zeroise(DK);
}
/*
@@ -522,8 +522,8 @@ void AES_192_Intel::key_schedule(const byte key[], u32bit)
*/
void AES_192_Intel::clear()
{
- EK.clear();
- DK.clear();
+ zeroise(EK);
+ zeroise(DK);
}
/*
@@ -772,8 +772,8 @@ void AES_256_Intel::key_schedule(const byte key[], u32bit)
*/
void AES_256_Intel::clear()
{
- EK.clear();
- DK.clear();
+ zeroise(EK);
+ zeroise(DK);
}
}
diff --git a/src/block/aes_ssse3/aes_ssse3.h b/src/block/aes_ssse3/aes_ssse3.h
index 8087b58a0..babd30509 100644
--- a/src/block/aes_ssse3/aes_ssse3.h
+++ b/src/block/aes_ssse3/aes_ssse3.h
@@ -21,7 +21,7 @@ class BOTAN_DLL AES_128_SSSE3 : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { EK.clear(); DK.clear(); }
+ void clear() { zeroise(EK); zeroise(DK); }
std::string name() const { return "AES-128"; }
BlockCipher* clone() const { return new AES_128_SSSE3; }
@@ -41,7 +41,7 @@ class BOTAN_DLL AES_192_SSSE3 : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { EK.clear(); DK.clear(); }
+ void clear() { zeroise(EK); zeroise(DK); }
std::string name() const { return "AES-192"; }
BlockCipher* clone() const { return new AES_192_SSSE3; }
@@ -61,7 +61,7 @@ class BOTAN_DLL AES_256_SSSE3 : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { EK.clear(); DK.clear(); }
+ void clear() { zeroise(EK); zeroise(DK); }
std::string name() const { return "AES-256"; }
BlockCipher* clone() const { return new AES_256_SSSE3; }
diff --git a/src/block/cast/cast128.h b/src/block/cast/cast128.h
index 967e91938..e5d4a884b 100644
--- a/src/block/cast/cast128.h
+++ b/src/block/cast/cast128.h
@@ -21,7 +21,7 @@ class BOTAN_DLL CAST_128 : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { MK.clear(); RK.clear(); }
+ void clear() { zeroise(MK); zeroise(RK); }
std::string name() const { return "CAST-128"; }
BlockCipher* clone() const { return new CAST_128; }
diff --git a/src/block/cast/cast256.h b/src/block/cast/cast256.h
index c4a305671..c9820c1ab 100644
--- a/src/block/cast/cast256.h
+++ b/src/block/cast/cast256.h
@@ -21,7 +21,7 @@ class BOTAN_DLL CAST_256 : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { MK.clear(); RK.clear(); }
+ void clear() { zeroise(MK); zeroise(RK); }
std::string name() const { return "CAST-256"; }
BlockCipher* clone() const { return new CAST_256; }
diff --git a/src/block/des/des.h b/src/block/des/des.h
index 1ae806850..f631986f0 100644
--- a/src/block/des/des.h
+++ b/src/block/des/des.h
@@ -21,7 +21,7 @@ class BOTAN_DLL DES : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { round_key.clear(); }
+ void clear() { zeroise(round_key); }
std::string name() const { return "DES"; }
BlockCipher* clone() const { return new DES; }
@@ -41,7 +41,7 @@ class BOTAN_DLL TripleDES : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { round_key.clear(); }
+ void clear() { zeroise(round_key); }
std::string name() const { return "TripleDES"; }
BlockCipher* clone() const { return new TripleDES; }
diff --git a/src/block/des/desx.h b/src/block/des/desx.h
index 45a9d8479..007948ba7 100644
--- a/src/block/des/desx.h
+++ b/src/block/des/desx.h
@@ -21,7 +21,7 @@ class BOTAN_DLL DESX : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { des.clear(); K1.clear(); K2.clear(); }
+ void clear() { des.clear(); zeroise(K1); zeroise(K2); }
std::string name() const { return "DESX"; }
BlockCipher* clone() const { return new DESX; }
diff --git a/src/block/gost_28147/gost_28147.h b/src/block/gost_28147/gost_28147.h
index ec23466f4..9d845ae72 100644
--- a/src/block/gost_28147/gost_28147.h
+++ b/src/block/gost_28147/gost_28147.h
@@ -55,7 +55,7 @@ class BOTAN_DLL GOST_28147_89 : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { EK.clear(); }
+ void clear() { zeroise(EK); }
std::string name() const { return "GOST-28147-89"; }
BlockCipher* clone() const { return new GOST_28147_89(SBOX); }
diff --git a/src/block/idea/idea.h b/src/block/idea/idea.h
index aed3be3ea..737970b29 100644
--- a/src/block/idea/idea.h
+++ b/src/block/idea/idea.h
@@ -21,7 +21,7 @@ class BOTAN_DLL IDEA : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { EK.clear(); DK.clear(); }
+ void clear() { zeroise(EK); zeroise(DK); }
std::string name() const { return "IDEA"; }
BlockCipher* clone() const { return new IDEA; }
diff --git a/src/block/kasumi/kasumi.h b/src/block/kasumi/kasumi.h
index fda348ef3..f8575c2d2 100644
--- a/src/block/kasumi/kasumi.h
+++ b/src/block/kasumi/kasumi.h
@@ -21,7 +21,7 @@ class BOTAN_DLL KASUMI : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { EK.clear(); }
+ void clear() { zeroise(EK); }
std::string name() const { return "KASUMI"; }
BlockCipher* clone() const { return new KASUMI; }
diff --git a/src/block/lion/lion.cpp b/src/block/lion/lion.cpp
index d8dfd1fcb..45e051ada 100644
--- a/src/block/lion/lion.cpp
+++ b/src/block/lion/lion.cpp
@@ -99,8 +99,8 @@ void Lion::clear()
{
hash->clear();
cipher->clear();
- key1.clear();
- key2.clear();
+ zeroise(key1);
+ zeroise(key2);
}
/*
diff --git a/src/block/lubyrack/lubyrack.cpp b/src/block/lubyrack/lubyrack.cpp
index bdb26837e..4dd0d5c8a 100644
--- a/src/block/lubyrack/lubyrack.cpp
+++ b/src/block/lubyrack/lubyrack.cpp
@@ -94,8 +94,8 @@ void LubyRackoff::key_schedule(const byte key[], u32bit length)
*/
void LubyRackoff::clear()
{
- K1.clear();
- K2.clear();
+ zeroise(K1);
+ zeroise(K2);
hash->clear();
}
diff --git a/src/block/mars/mars.h b/src/block/mars/mars.h
index f455ec5ca..37501fff1 100644
--- a/src/block/mars/mars.h
+++ b/src/block/mars/mars.h
@@ -21,7 +21,7 @@ class BOTAN_DLL MARS : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { EK.clear(); }
+ void clear() { zeroise(EK); }
std::string name() const { return "MARS"; }
BlockCipher* clone() const { return new MARS; }
diff --git a/src/block/misty1/misty1.h b/src/block/misty1/misty1.h
index a9bc12c7b..dbb8e2c45 100644
--- a/src/block/misty1/misty1.h
+++ b/src/block/misty1/misty1.h
@@ -21,7 +21,7 @@ class BOTAN_DLL MISTY1 : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { EK.clear(); DK.clear(); }
+ void clear() { zeroise(EK); zeroise(DK); }
std::string name() const { return "MISTY1"; }
BlockCipher* clone() const { return new MISTY1; }
diff --git a/src/block/noekeon/noekeon.cpp b/src/block/noekeon/noekeon.cpp
index 0bfce1882..95178a62b 100644
--- a/src/block/noekeon/noekeon.cpp
+++ b/src/block/noekeon/noekeon.cpp
@@ -203,8 +203,8 @@ void Noekeon::key_schedule(const byte key[], u32bit)
*/
void Noekeon::clear()
{
- EK.clear();
- DK.clear();
+ zeroise(EK);
+ zeroise(DK);
}
}
diff --git a/src/block/rc2/rc2.h b/src/block/rc2/rc2.h
index c16680347..e6c900056 100644
--- a/src/block/rc2/rc2.h
+++ b/src/block/rc2/rc2.h
@@ -28,7 +28,7 @@ class BOTAN_DLL RC2 : public BlockCipher
*/
static byte EKB_code(u32bit bits);
- void clear() { K.clear(); }
+ void clear() { zeroise(K); }
std::string name() const { return "RC2"; }
BlockCipher* clone() const { return new RC2; }
diff --git a/src/block/rc5/rc5.h b/src/block/rc5/rc5.h
index 385c6b2b1..9a794d248 100644
--- a/src/block/rc5/rc5.h
+++ b/src/block/rc5/rc5.h
@@ -21,7 +21,7 @@ class BOTAN_DLL RC5 : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { S.clear(); }
+ void clear() { zeroise(S); }
std::string name() const;
BlockCipher* clone() const { return new RC5(ROUNDS); }
diff --git a/src/block/rc6/rc6.h b/src/block/rc6/rc6.h
index 9b2d587fa..02c464c5c 100644
--- a/src/block/rc6/rc6.h
+++ b/src/block/rc6/rc6.h
@@ -21,7 +21,7 @@ class BOTAN_DLL RC6 : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { S.clear(); }
+ void clear() { zeroise(S); }
std::string name() const { return "RC6"; }
BlockCipher* clone() const { return new RC6; }
diff --git a/src/block/safer/safer_sk.h b/src/block/safer/safer_sk.h
index c93797602..26875c97b 100644
--- a/src/block/safer/safer_sk.h
+++ b/src/block/safer/safer_sk.h
@@ -21,7 +21,7 @@ class BOTAN_DLL SAFER_SK : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { EK.clear(); }
+ void clear() { zeroise(EK); }
std::string name() const;
BlockCipher* clone() const;
diff --git a/src/block/seed/seed.h b/src/block/seed/seed.h
index 0c80199ad..bfc9c7fa1 100644
--- a/src/block/seed/seed.h
+++ b/src/block/seed/seed.h
@@ -21,7 +21,7 @@ class BOTAN_DLL SEED : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { K.clear(); }
+ void clear() { zeroise(K); }
std::string name() const { return "SEED"; }
BlockCipher* clone() const { return new SEED; }
diff --git a/src/block/serpent/serpent.h b/src/block/serpent/serpent.h
index dc81d4178..56afd3330 100644
--- a/src/block/serpent/serpent.h
+++ b/src/block/serpent/serpent.h
@@ -21,7 +21,7 @@ class BOTAN_DLL Serpent : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { round_key.clear(); }
+ void clear() { zeroise(round_key); }
std::string name() const { return "Serpent"; }
BlockCipher* clone() const { return new Serpent; }
Serpent() : BlockCipher(16, 16, 32, 8) {}
diff --git a/src/block/skipjack/skipjack.cpp b/src/block/skipjack/skipjack.cpp
index b23d1e160..dda984e4c 100644
--- a/src/block/skipjack/skipjack.cpp
+++ b/src/block/skipjack/skipjack.cpp
@@ -189,7 +189,7 @@ void Skipjack::key_schedule(const byte key[], u32bit)
*/
void Skipjack::clear()
{
- FTAB.clear();
+ zeroise(FTAB);
}
}
diff --git a/src/block/square/square.cpp b/src/block/square/square.cpp
index adcf18611..f96162c37 100644
--- a/src/block/square/square.cpp
+++ b/src/block/square/square.cpp
@@ -206,10 +206,10 @@ void Square::transform(u32bit round_key[4])
*/
void Square::clear()
{
- EK.clear();
- DK.clear();
- ME.clear();
- MD.clear();
+ zeroise(EK);
+ zeroise(DK);
+ zeroise(ME);
+ zeroise(MD);
}
}
diff --git a/src/block/tea/tea.h b/src/block/tea/tea.h
index 128f42080..6e1c4fafb 100644
--- a/src/block/tea/tea.h
+++ b/src/block/tea/tea.h
@@ -21,7 +21,7 @@ class BOTAN_DLL TEA : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { K.clear(); }
+ void clear() { zeroise(K); }
std::string name() const { return "TEA"; }
BlockCipher* clone() const { return new TEA; }
diff --git a/src/block/twofish/twofish.cpp b/src/block/twofish/twofish.cpp
index a183821b2..375590af1 100644
--- a/src/block/twofish/twofish.cpp
+++ b/src/block/twofish/twofish.cpp
@@ -220,11 +220,11 @@ void Twofish::rs_mul(byte S[4], byte key, u32bit offset)
*/
void Twofish::clear()
{
- SBox0.clear();
- SBox1.clear();
- SBox2.clear();
- SBox3.clear();
- round_key.clear();
+ zeroise(SBox0);
+ zeroise(SBox1);
+ zeroise(SBox2);
+ zeroise(SBox3);
+ zeroise(round_key);
}
}
diff --git a/src/block/xtea/xtea.h b/src/block/xtea/xtea.h
index d15108939..d328bf2f0 100644
--- a/src/block/xtea/xtea.h
+++ b/src/block/xtea/xtea.h
@@ -21,7 +21,7 @@ class BOTAN_DLL XTEA : public BlockCipher
void encrypt_n(const byte in[], byte out[], u32bit blocks) const;
void decrypt_n(const byte in[], byte out[], u32bit blocks) const;
- void clear() { EK.clear(); }
+ void clear() { zeroise(EK); }
std::string name() const { return "XTEA"; }
BlockCipher* clone() const { return new XTEA; }
diff --git a/src/cms/cms_enc.cpp b/src/cms/cms_enc.cpp
index 3437c15e3..ebb89df60 100644
--- a/src/cms/cms_enc.cpp
+++ b/src/cms/cms_enc.cpp
@@ -46,7 +46,7 @@ SecureVector<byte> CMS_Encoder::get_contents()
end_explicit().
end_cons();
- data.clear();
+ data.destroy();
return encoder.get_contents();
}
diff --git a/src/constructs/aont/package.cpp b/src/constructs/aont/package.cpp
index e10087060..1e25a3b24 100644
--- a/src/constructs/aont/package.cpp
+++ b/src/constructs/aont/package.cpp
@@ -49,7 +49,7 @@ void aont_package(RandomNumberGenerator& rng,
u32bit left = std::min<u32bit>(cipher->BLOCK_SIZE,
input_len - cipher->BLOCK_SIZE * i);
- buf.clear();
+ zeroise(buf);
copy_mem(&buf[0], output + cipher->BLOCK_SIZE * i, left);
for(u32bit j = 0; j != 4; ++j)
@@ -95,7 +95,7 @@ void aont_unpackage(BlockCipher* cipher,
u32bit left = std::min<u32bit>(cipher->BLOCK_SIZE,
input_len - cipher->BLOCK_SIZE * (i+1));
- buf.clear();
+ zeroise(buf);
copy_mem(&buf[0], input + cipher->BLOCK_SIZE * i, left);
for(u32bit j = 0; j != 4; ++j)
diff --git a/src/filters/modes/cfb/cfb.cpp b/src/filters/modes/cfb/cfb.cpp
index 239b03254..9ec4c5de3 100644
--- a/src/filters/modes/cfb/cfb.cpp
+++ b/src/filters/modes/cfb/cfb.cpp
@@ -58,7 +58,7 @@ void CFB_Encryption::set_iv(const InitializationVector& iv)
throw Invalid_IV_Length(name(), iv.length());
state = iv.bits_of();
- buffer.clear();
+ zeroise(buffer);
position = 0;
cipher->encrypt(state, buffer);
@@ -135,7 +135,7 @@ void CFB_Decryption::set_iv(const InitializationVector& iv)
throw Invalid_IV_Length(name(), iv.length());
state = iv.bits_of();
- buffer.clear();
+ zeroise(buffer);
position = 0;
cipher->encrypt(state, buffer);
diff --git a/src/filters/modes/cts/cts.cpp b/src/filters/modes/cts/cts.cpp
index 61df8897b..c404d8f33 100644
--- a/src/filters/modes/cts/cts.cpp
+++ b/src/filters/modes/cts/cts.cpp
@@ -47,7 +47,7 @@ void CTS_Encryption::set_iv(const InitializationVector& iv)
throw Invalid_IV_Length(name(), iv.length());
state = iv.bits_of();
- buffer.clear();
+ zeroise(buffer);
position = 0;
}
@@ -149,7 +149,7 @@ void CTS_Decryption::set_iv(const InitializationVector& iv)
throw Invalid_IV_Length(name(), iv.length());
state = iv.bits_of();
- buffer.clear();
+ zeroise(buffer);
position = 0;
}
diff --git a/src/hash/bmw/bmw_512.cpp b/src/hash/bmw/bmw_512.cpp
index 5ccb09579..a9b580ca6 100644
--- a/src/hash/bmw/bmw_512.cpp
+++ b/src/hash/bmw/bmw_512.cpp
@@ -178,8 +178,8 @@ void BMW_512::copy_out(byte output[])
void BMW_512::clear()
{
MDx_HashFunction::clear();
- M.clear();
- Q.clear();
+ zeroise(M);
+ zeroise(Q);
H[ 0] = 0x8081828384858687;
H[ 1] = 0x88898A8B8C8D8E8F;
diff --git a/src/hash/gost_3411/gost_3411.cpp b/src/hash/gost_3411/gost_3411.cpp
index f09b0fc60..7e6fd8fac 100644
--- a/src/hash/gost_3411/gost_3411.cpp
+++ b/src/hash/gost_3411/gost_3411.cpp
@@ -26,8 +26,8 @@ GOST_34_11::GOST_34_11() :
void GOST_34_11::clear()
{
cipher.clear();
- sum.clear();
- hash.clear();
+ zeroise(sum);
+ zeroise(hash);
count = 0;
position = 0;
}
diff --git a/src/hash/has160/has160.cpp b/src/hash/has160/has160.cpp
index d245a0249..fd39e7ea0 100644
--- a/src/hash/has160/has160.cpp
+++ b/src/hash/has160/has160.cpp
@@ -154,7 +154,7 @@ void HAS_160::copy_out(byte output[])
void HAS_160::clear()
{
MDx_HashFunction::clear();
- X.clear();
+ zeroise(X);
digest[0] = 0x67452301;
digest[1] = 0xEFCDAB89;
digest[2] = 0x98BADCFE;
diff --git a/src/hash/md2/md2.cpp b/src/hash/md2/md2.cpp
index 7d0ab0ab0..b3ccae6df 100644
--- a/src/hash/md2/md2.cpp
+++ b/src/hash/md2/md2.cpp
@@ -99,9 +99,9 @@ void MD2::final_result(byte output[])
*/
void MD2::clear()
{
- X.clear();
- checksum.clear();
- buffer.clear();
+ zeroise(X);
+ zeroise(checksum);
+ zeroise(buffer);
position = 0;
}
diff --git a/src/hash/md4/md4.cpp b/src/hash/md4/md4.cpp
index f573dae25..edba1d08a 100644
--- a/src/hash/md4/md4.cpp
+++ b/src/hash/md4/md4.cpp
@@ -104,7 +104,7 @@ void MD4::copy_out(byte output[])
void MD4::clear()
{
MDx_HashFunction::clear();
- M.clear();
+ zeroise(M);
digest[0] = 0x67452301;
digest[1] = 0xEFCDAB89;
digest[2] = 0x98BADCFE;
diff --git a/src/hash/md5/md5.cpp b/src/hash/md5/md5.cpp
index 8c1e5a8e1..104155e9d 100644
--- a/src/hash/md5/md5.cpp
+++ b/src/hash/md5/md5.cpp
@@ -126,7 +126,7 @@ void MD5::copy_out(byte output[])
void MD5::clear()
{
MDx_HashFunction::clear();
- M.clear();
+ zeroise(M);
digest[0] = 0x67452301;
digest[1] = 0xEFCDAB89;
digest[2] = 0x98BADCFE;
diff --git a/src/hash/mdx_hash/mdx_hash.cpp b/src/hash/mdx_hash/mdx_hash.cpp
index bf571076e..ffca0d93b 100644
--- a/src/hash/mdx_hash/mdx_hash.cpp
+++ b/src/hash/mdx_hash/mdx_hash.cpp
@@ -30,7 +30,7 @@ MDx_HashFunction::MDx_HashFunction(u32bit hash_len, u32bit block_len,
*/
void MDx_HashFunction::clear()
{
- buffer.clear();
+ zeroise(buffer);
count = position = 0;
}
@@ -76,7 +76,7 @@ void MDx_HashFunction::final_result(byte output[])
if(position >= HASH_BLOCK_SIZE - COUNT_SIZE)
{
compress_n(buffer, 1);
- buffer.clear();
+ zeroise(buffer);
}
write_count(buffer + HASH_BLOCK_SIZE - COUNT_SIZE);
diff --git a/src/hash/rmd128/rmd128.cpp b/src/hash/rmd128/rmd128.cpp
index 51e416eb1..9e0f6701e 100644
--- a/src/hash/rmd128/rmd128.cpp
+++ b/src/hash/rmd128/rmd128.cpp
@@ -166,7 +166,7 @@ void RIPEMD_128::copy_out(byte output[])
void RIPEMD_128::clear()
{
MDx_HashFunction::clear();
- M.clear();
+ zeroise(M);
digest[0] = 0x67452301;
digest[1] = 0xEFCDAB89;
digest[2] = 0x98BADCFE;
diff --git a/src/hash/rmd160/rmd160.cpp b/src/hash/rmd160/rmd160.cpp
index 5237f1e12..4975814f4 100644
--- a/src/hash/rmd160/rmd160.cpp
+++ b/src/hash/rmd160/rmd160.cpp
@@ -199,7 +199,7 @@ void RIPEMD_160::copy_out(byte output[])
void RIPEMD_160::clear()
{
MDx_HashFunction::clear();
- M.clear();
+ zeroise(M);
digest[0] = 0x67452301;
digest[1] = 0xEFCDAB89;
digest[2] = 0x98BADCFE;
diff --git a/src/hash/sha1/sha160.cpp b/src/hash/sha1/sha160.cpp
index 1ad08d483..1e57f0cf4 100644
--- a/src/hash/sha1/sha160.cpp
+++ b/src/hash/sha1/sha160.cpp
@@ -144,7 +144,7 @@ void SHA_160::copy_out(byte output[])
void SHA_160::clear()
{
MDx_HashFunction::clear();
- W.clear();
+ zeroise(W);
digest[0] = 0x67452301;
digest[1] = 0xEFCDAB89;
digest[2] = 0x98BADCFE;
diff --git a/src/hash/sha2/sha2_32.cpp b/src/hash/sha2/sha2_32.cpp
index 4315e10d6..a18a4d8c4 100644
--- a/src/hash/sha2/sha2_32.cpp
+++ b/src/hash/sha2/sha2_32.cpp
@@ -181,7 +181,7 @@ void SHA_224::copy_out(byte output[])
void SHA_224::clear()
{
MDx_HashFunction::clear();
- W.clear();
+ zeroise(W);
digest[0] = 0xC1059ED8;
digest[1] = 0x367CD507;
digest[2] = 0x3070DD17;
@@ -215,7 +215,7 @@ void SHA_256::copy_out(byte output[])
void SHA_256::clear()
{
MDx_HashFunction::clear();
- W.clear();
+ zeroise(W);
digest[0] = 0x6A09E667;
digest[1] = 0xBB67AE85;
digest[2] = 0x3C6EF372;
diff --git a/src/hash/sha2/sha2_64.cpp b/src/hash/sha2/sha2_64.cpp
index 10fe81a5e..aecf9a0db 100644
--- a/src/hash/sha2/sha2_64.cpp
+++ b/src/hash/sha2/sha2_64.cpp
@@ -188,7 +188,7 @@ void SHA_384::copy_out(byte output[])
void SHA_384::clear()
{
MDx_HashFunction::clear();
- W.clear();
+ zeroise(W);
digest[0] = 0xCBBB9D5DC1059ED8;
digest[1] = 0x629A292A367CD507;
digest[2] = 0x9159015A3070DD17;
@@ -222,7 +222,7 @@ void SHA_512::copy_out(byte output[])
void SHA_512::clear()
{
MDx_HashFunction::clear();
- W.clear();
+ zeroise(W);
digest[0] = 0x6A09E667F3BCC908;
digest[1] = 0xBB67AE8584CAA73B;
digest[2] = 0x3C6EF372FE94F82B;
diff --git a/src/hash/skein/skein_512.cpp b/src/hash/skein/skein_512.cpp
index 4d7717ef4..1fdd9fbf6 100644
--- a/src/hash/skein/skein_512.cpp
+++ b/src/hash/skein/skein_512.cpp
@@ -186,9 +186,9 @@ HashFunction* Skein_512::clone() const
void Skein_512::clear()
{
- H.clear();
- T.clear();
- buffer.clear();
+ zeroise(H);
+ zeroise(T);
+ zeroise(buffer);
buf_pos = 0;
}
diff --git a/src/hash/tiger/tiger.cpp b/src/hash/tiger/tiger.cpp
index 3013ab38e..1812abf12 100644
--- a/src/hash/tiger/tiger.cpp
+++ b/src/hash/tiger/tiger.cpp
@@ -136,7 +136,7 @@ void Tiger::pass(u64bit& A, u64bit& B, u64bit& C, u64bit X[8], byte mul)
void Tiger::clear()
{
MDx_HashFunction::clear();
- X.clear();
+ zeroise(X);
digest[0] = 0x0123456789ABCDEF;
digest[1] = 0xFEDCBA9876543210;
digest[2] = 0xF096A5B4C3B2E187;
diff --git a/src/hash/whirlpool/whrlpool.cpp b/src/hash/whirlpool/whrlpool.cpp
index 06755fe77..6f62695c8 100644
--- a/src/hash/whirlpool/whrlpool.cpp
+++ b/src/hash/whirlpool/whrlpool.cpp
@@ -139,8 +139,8 @@ void Whirlpool::copy_out(byte output[])
void Whirlpool::clear()
{
MDx_HashFunction::clear();
- M.clear();
- digest.clear();
+ zeroise(M);
+ zeroise(digest);
}
}
diff --git a/src/mac/cbc_mac/cbc_mac.cpp b/src/mac/cbc_mac/cbc_mac.cpp
index 6a0692580..206bce55c 100644
--- a/src/mac/cbc_mac/cbc_mac.cpp
+++ b/src/mac/cbc_mac/cbc_mac.cpp
@@ -47,7 +47,7 @@ void CBC_MAC::final_result(byte mac[])
e->encrypt(state);
copy_mem(mac, state.begin(), state.size());
- state.clear();
+ zeroise(state);
position = 0;
}
@@ -65,7 +65,7 @@ void CBC_MAC::key_schedule(const byte key[], u32bit length)
void CBC_MAC::clear()
{
e->clear();
- state.clear();
+ zeroise(state);
position = 0;
}
diff --git a/src/mac/cmac/cmac.cpp b/src/mac/cmac/cmac.cpp
index 05c5f4a88..38b62c6cb 100644
--- a/src/mac/cmac/cmac.cpp
+++ b/src/mac/cmac/cmac.cpp
@@ -81,8 +81,8 @@ void CMAC::final_result(byte mac[])
for(u32bit j = 0; j != OUTPUT_LENGTH; ++j)
mac[j] = state[j];
- state.clear();
- buffer.clear();
+ zeroise(state);
+ zeroise(buffer);
position = 0;
}
@@ -104,10 +104,10 @@ void CMAC::key_schedule(const byte key[], u32bit length)
void CMAC::clear()
{
e->clear();
- state.clear();
- buffer.clear();
- B.clear();
- P.clear();
+ zeroise(state);
+ zeroise(buffer);
+ zeroise(B);
+ zeroise(P);
position = 0;
}
diff --git a/src/mac/hmac/hmac.cpp b/src/mac/hmac/hmac.cpp
index 0d5c99702..1ad9487b4 100644
--- a/src/mac/hmac/hmac.cpp
+++ b/src/mac/hmac/hmac.cpp
@@ -61,8 +61,8 @@ void HMAC::key_schedule(const byte key[], u32bit length)
void HMAC::clear()
{
hash->clear();
- i_key.clear();
- o_key.clear();
+ zeroise(i_key);
+ zeroise(o_key);
}
/*
diff --git a/src/mac/ssl3mac/ssl3_mac.cpp b/src/mac/ssl3mac/ssl3_mac.cpp
index a4c0c635e..781cb7f27 100644
--- a/src/mac/ssl3mac/ssl3_mac.cpp
+++ b/src/mac/ssl3mac/ssl3_mac.cpp
@@ -49,8 +49,8 @@ void SSL3_MAC::key_schedule(const byte key[], u32bit length)
void SSL3_MAC::clear()
{
hash->clear();
- i_key.clear();
- o_key.clear();
+ zeroise(i_key);
+ zeroise(o_key);
}
/*
diff --git a/src/mac/x919_mac/x919_mac.cpp b/src/mac/x919_mac/x919_mac.cpp
index 42e039d60..f0c2419fa 100644
--- a/src/mac/x919_mac/x919_mac.cpp
+++ b/src/mac/x919_mac/x919_mac.cpp
@@ -46,7 +46,7 @@ void ANSI_X919_MAC::final_result(byte mac[])
e->encrypt(state);
d->decrypt(state, mac);
e->encrypt(mac);
- state.clear();
+ zeroise(state);
position = 0;
}
@@ -67,7 +67,7 @@ void ANSI_X919_MAC::clear()
{
e->clear();
d->clear();
- state.clear();
+ zeroise(state);
position = 0;
}
diff --git a/src/math/bigint/big_ops2.cpp b/src/math/bigint/big_ops2.cpp
index cc50c26e5..193c00e32 100644
--- a/src/math/bigint/big_ops2.cpp
+++ b/src/math/bigint/big_ops2.cpp
@@ -37,7 +37,7 @@ BigInt& BigInt::operator+=(const BigInt& y)
}
else if(relative_size == 0)
{
- get_reg().clear();
+ zeroise(reg);
set_sign(Positive);
}
else if(relative_size > 0)
@@ -72,7 +72,7 @@ BigInt& BigInt::operator-=(const BigInt& y)
{
if(sign() == y.sign())
{
- get_reg().clear();
+ clear();
set_sign(Positive);
}
else
@@ -99,7 +99,7 @@ BigInt& BigInt::operator*=(const BigInt& y)
if(x_sw == 0 || y_sw == 0)
{
- get_reg().clear();
+ clear();
set_sign(Positive);
}
else if(x_sw == 1 && y_sw)
diff --git a/src/math/bigint/bigint.cpp b/src/math/bigint/bigint.cpp
index 1ae8be130..2ac387a97 100644
--- a/src/math/bigint/bigint.cpp
+++ b/src/math/bigint/bigint.cpp
@@ -348,7 +348,7 @@ void BigInt::binary_decode(const byte buf[], u32bit length)
{
const u32bit WORD_BYTES = sizeof(word);
- reg.clear();
+ clear();
reg.resize(round_up<u32bit>((length / WORD_BYTES) + 1, 8));
for(u32bit j = 0; j != length / WORD_BYTES; ++j)
diff --git a/src/math/bigint/bigint.h b/src/math/bigint/bigint.h
index 64bf20068..9ce71aeca 100644
--- a/src/math/bigint/bigint.h
+++ b/src/math/bigint/bigint.h
@@ -140,7 +140,7 @@ class BOTAN_DLL BigInt
/**
* Zeroize the BigInt
*/
- void clear() { get_reg().clear(); }
+ void clear() { zeroise(reg); }
/**
* Compare this to another BigInt
diff --git a/src/math/numbertheory/point_gfp.cpp b/src/math/numbertheory/point_gfp.cpp
index 6e62a9a13..93e3392ea 100644
--- a/src/math/numbertheory/point_gfp.cpp
+++ b/src/math/numbertheory/point_gfp.cpp
@@ -46,7 +46,7 @@ void PointGFp::monty_mult(BigInt& z,
const u32bit p_size = curve.get_p_words();
const word p_dash = curve.get_p_dash();
- workspace.clear();
+ zeroise(workspace);
bigint_mul(workspace, workspace.size(), 0,
x.data(), x.size(), x.sig_words(),
@@ -73,7 +73,7 @@ void PointGFp::monty_sqr(BigInt& z, const BigInt& x,
const u32bit p_size = curve.get_p_words();
const word p_dash = curve.get_p_dash();
- workspace.clear();
+ zeroise(workspace);
bigint_sqr(workspace, workspace.size(), 0,
x.data(), x.size(), x.sig_words());
diff --git a/src/math/numbertheory/powm_mnt.cpp b/src/math/numbertheory/powm_mnt.cpp
index cce142020..80582eaa8 100644
--- a/src/math/numbertheory/powm_mnt.cpp
+++ b/src/math/numbertheory/powm_mnt.cpp
@@ -66,7 +66,7 @@ void Montgomery_Exponentiator::set_base(const BigInt& base)
const BigInt& y = g[j-1];
const u32bit y_sig = y.sig_words();
- z.clear();
+ zeroise(z);
bigint_mul(z.begin(), z.size(), workspace,
x.data(), x.size(), x_sig,
y.data(), y.size(), y_sig);
@@ -90,7 +90,7 @@ BigInt Montgomery_Exponentiator::execute() const
{
for(u32bit k = 0; k != window_bits; ++k)
{
- z.clear();
+ zeroise(z);
bigint_sqr(z.begin(), z.size(), workspace,
x.data(), x.size(), x.sig_words());
@@ -102,7 +102,7 @@ BigInt Montgomery_Exponentiator::execute() const
{
const BigInt& y = g[nibble-1];
- z.clear();
+ zeroise(z);
bigint_mul(z.begin(), z.size(), workspace,
x.data(), x.size(), x.sig_words(),
y.data(), y.size(), y.sig_words());
@@ -111,7 +111,7 @@ BigInt Montgomery_Exponentiator::execute() const
}
}
- z.clear();
+ zeroise(z);
z.copy(x.data(), x.size());
montgomery_reduce(x, z, modulus, mod_words, mod_prime);
diff --git a/src/pk_pad/eme1/eme1.cpp b/src/pk_pad/eme1/eme1.cpp
index 9eab16d6c..84fcf4b83 100644
--- a/src/pk_pad/eme1/eme1.cpp
+++ b/src/pk_pad/eme1/eme1.cpp
@@ -26,8 +26,6 @@ SecureVector<byte> EME1::pad(const byte in[], u32bit in_length,
SecureVector<byte> out(key_length);
- out.clear();
-
rng.randomize(out, HASH_LENGTH);
out.copy(HASH_LENGTH, Phash, Phash.size());
diff --git a/src/pk_pad/emsa3/emsa3.cpp b/src/pk_pad/emsa3/emsa3.cpp
index 82981d38c..aa1b85f05 100644
--- a/src/pk_pad/emsa3/emsa3.cpp
+++ b/src/pk_pad/emsa3/emsa3.cpp
@@ -117,8 +117,8 @@ void EMSA3_Raw::update(const byte input[], u32bit length)
*/
SecureVector<byte> EMSA3_Raw::raw_data()
{
- SecureVector<byte> ret = message;
- message.clear();
+ SecureVector<byte> ret;
+ std::swap(ret, message);
return ret;
}
diff --git a/src/rng/hmac_rng/hmac_rng.cpp b/src/rng/hmac_rng/hmac_rng.cpp
index fbfa87f70..b9bd65ae1 100644
--- a/src/rng/hmac_rng/hmac_rng.cpp
+++ b/src/rng/hmac_rng/hmac_rng.cpp
@@ -107,7 +107,7 @@ void HMAC_RNG::reseed(u32bit poll_bits)
extractor->set_key(K, K.size());
// Reset state
- K.clear();
+ zeroise(K);
counter = 0;
user_input_len = 0;
@@ -147,7 +147,7 @@ void HMAC_RNG::clear()
{
extractor->clear();
prf->clear();
- K.clear();
+ zeroise(K);
counter = 0;
user_input_len = 0;
seeded = false;
diff --git a/src/rng/randpool/randpool.cpp b/src/rng/randpool/randpool.cpp
index c3e496638..fb8dfcd09 100644
--- a/src/rng/randpool/randpool.cpp
+++ b/src/rng/randpool/randpool.cpp
@@ -149,9 +149,9 @@ void Randpool::clear()
{
cipher->clear();
mac->clear();
- pool.clear();
- buffer.clear();
- counter.clear();
+ zeroise(pool);
+ zeroise(buffer);
+ zeroise(counter);
seeded = false;
}
diff --git a/src/rng/x931_rng/x931_rng.cpp b/src/rng/x931_rng/x931_rng.cpp
index f812377ed..4a06fca39 100644
--- a/src/rng/x931_rng/x931_rng.cpp
+++ b/src/rng/x931_rng/x931_rng.cpp
@@ -112,7 +112,7 @@ void ANSI_X931_RNG::clear()
{
cipher->clear();
prng->clear();
- R.clear();
+ zeroise(R);
V.destroy();
position = 0;
diff --git a/src/ssl/rec_read.cpp b/src/ssl/rec_read.cpp
index 3c008641d..895026431 100644
--- a/src/ssl/rec_read.cpp
+++ b/src/ssl/rec_read.cpp
@@ -244,7 +244,9 @@ u32bit Record_Reader::get_record(byte& msg_type,
throw TLS_Exception(BAD_RECORD_MAC, "Record_Reader: MAC failure");
msg_type = header[0];
- output.set(&plaintext[iv_size], plain_length);
+
+ output.resize(plain_length);
+ copy_mem(&output[0], &plaintext[iv_size], plain_length);
return 0;
}
diff --git a/src/ssl/rec_wri.cpp b/src/ssl/rec_wri.cpp
index d5358f4c3..40dd45219 100644
--- a/src/ssl/rec_wri.cpp
+++ b/src/ssl/rec_wri.cpp
@@ -30,7 +30,7 @@ void Record_Writer::reset()
cipher.reset();
mac.reset();
- buffer.clear();
+ zeroise(buffer);
buf_pos = 0;
major = minor = buf_type = 0;
diff --git a/src/stream/arc4/arc4.cpp b/src/stream/arc4/arc4.cpp
index 1c89379ba..a3a2f9a65 100644
--- a/src/stream/arc4/arc4.cpp
+++ b/src/stream/arc4/arc4.cpp
@@ -89,8 +89,8 @@ std::string ARC4::name() const
*/
void ARC4::clear()
{
- state.clear();
- buffer.clear();
+ zeroise(state);
+ zeroise(buffer);
position = X = Y = 0;
}
diff --git a/src/stream/ctr/ctr.cpp b/src/stream/ctr/ctr.cpp
index 8a24cd4d0..cd1b1b7fb 100644
--- a/src/stream/ctr/ctr.cpp
+++ b/src/stream/ctr/ctr.cpp
@@ -40,8 +40,8 @@ CTR_BE::~CTR_BE()
void CTR_BE::clear()
{
permutation->clear();
- buffer.clear();
- counter.clear();
+ zeroise(buffer);
+ zeroise(counter);
position = 0;
}
@@ -91,7 +91,7 @@ void CTR_BE::set_iv(const byte iv[], u32bit iv_len)
const u32bit BLOCK_SIZE = permutation->BLOCK_SIZE;
- counter.clear();
+ zeroise(counter);
counter.copy(0, iv, iv_len);
diff --git a/src/stream/ofb/ofb.cpp b/src/stream/ofb/ofb.cpp
index cfa035a4f..332673153 100644
--- a/src/stream/ofb/ofb.cpp
+++ b/src/stream/ofb/ofb.cpp
@@ -38,7 +38,7 @@ OFB::~OFB()
void OFB::clear()
{
permutation->clear();
- buffer.clear();
+ zeroise(buffer);
position = 0;
}
@@ -87,7 +87,7 @@ void OFB::set_iv(const byte iv[], u32bit iv_len)
if(!valid_iv_length(iv_len))
throw Invalid_IV_Length(name(), iv_len);
- buffer.clear();
+ zeroise(buffer);
buffer.copy(0, iv, iv_len);
permutation->encrypt(buffer);
diff --git a/src/stream/salsa20/salsa20.cpp b/src/stream/salsa20/salsa20.cpp
index a38e6e305..c52e305d1 100644
--- a/src/stream/salsa20/salsa20.cpp
+++ b/src/stream/salsa20/salsa20.cpp
@@ -232,8 +232,8 @@ std::string Salsa20::name() const
*/
void Salsa20::clear()
{
- state.clear();
- buffer.clear();
+ zeroise(state);
+ zeroise(buffer);
position = 0;
}
diff --git a/src/stream/turing/turing.cpp b/src/stream/turing/turing.cpp
index 159c262fd..bfb2166d8 100644
--- a/src/stream/turing/turing.cpp
+++ b/src/stream/turing/turing.cpp
@@ -300,12 +300,12 @@ void Turing::set_iv(const byte iv[], u32bit length)
*/
void Turing::clear()
{
- S0.clear();
- S1.clear();
- S2.clear();
- S3.clear();
+ zeroise(S0);
+ zeroise(S1);
+ zeroise(S2);
+ zeroise(S3);
- buffer.clear();
+ zeroise(buffer);
position = 0;
}
diff --git a/src/stream/wid_wake/wid_wake.cpp b/src/stream/wid_wake/wid_wake.cpp
index 225ccf9a6..f5897f1cc 100644
--- a/src/stream/wid_wake/wid_wake.cpp
+++ b/src/stream/wid_wake/wid_wake.cpp
@@ -139,10 +139,10 @@ void WiderWake_41_BE::set_iv(const byte iv[], u32bit length)
void WiderWake_41_BE::clear()
{
position = 0;
- t_key.clear();
- state.clear();
- T.clear();
- buffer.clear();
+ zeroise(t_key);
+ zeroise(state);
+ zeroise(T);
+ zeroise(buffer);
}
}
diff --git a/src/sym_algo/symkey.cpp b/src/sym_algo/symkey.cpp
index bf2b705d3..a04f29181 100644
--- a/src/sym_algo/symkey.cpp
+++ b/src/sym_algo/symkey.cpp
@@ -91,7 +91,7 @@ std::string OctetString::as_string() const
*/
OctetString& OctetString::operator^=(const OctetString& k)
{
- if(&k == this) { bits.clear(); return (*this); }
+ if(&k == this) { zeroise(bits); return (*this); }
xor_buf(bits.begin(), k.begin(), std::min(length(), k.length()));
return (*this);
}