author | lloyd <[email protected]> | 2010-09-07 23:40:31 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-09-07 23:40:31 +0000 |
commit | 197f7cd4f744ae8246832343dc514296632554b2 (patch) | |
tree | 63963dfab01e29ce32be4c1d43e62506d9f0246d /src | |
parent | 5f83d344e49a6d62cd8989d9fb8f8ca80ed48fc1 (diff) |
Big, invasive but mostly automated change, with a further attempt at
harmonising MemoryRegion with std::vector:
The MemoryRegion::clear() function would zeroise the buffer, but keep
the memory allocated and the size unchanged. This is very different
from STL's clear(), which is basically the equivalent to what is
called destroy() in MemoryRegion. So to be able to replace MemoryRegion
with a std::vector, we have to rename destroy() to clear() and we have
to expose the current functionality of clear() in some other way, since
vector doesn't support this operation. Do so by adding a global function
named zeroise() which takes a MemoryRegion which is zeroed. Remove clear()
to ensure all callers are updated.
Diffstat (limited to 'src')
71 files changed, 165 insertions, 157 deletions
diff --git a/src/alloc/secmem.h b/src/alloc/secmem.h index aae1634d3..37930b963 100644 --- a/src/alloc/secmem.h +++ b/src/alloc/secmem.h @@ -126,21 +126,6 @@ class MemoryRegion { copy_mem(buf + off, in, (n > size() - off) ? (size() - off) : n); } /** - * Set the contents of this according to the argument. The size of - * *this is increased if necessary. - * @param in the array of objects of type T to copy the contents from - * @param n the size of array in - */ - void set(const T in[], u32bit n) { resize(n); copy(in, n); } - - /** - * Set the contents of this according to the argument. The size of - * *this is increased if necessary. - * @param in the buffer to copy the contents from - */ - void set(const MemoryRegion<T>& in) { set(in.begin(), in.size()); } - - /** * Append data to the end of this buffer. * @param data the array containing the data to append * @param n the size of the array data @@ -162,11 +147,6 @@ class MemoryRegion { append(other.begin(), other.size()); } /** - * Zeroise the bytes of this buffer. The length remains unchanged. - */ - void clear() { clear_mem(buf, allocated); } - - /** * Reset this buffer to an empty buffer with size zero. */ void destroy() { resize(0); } @@ -206,6 +186,22 @@ class MemoryRegion */ void init(bool locking, u32bit length = 0) { alloc = Allocator::get(locking); resize(length); } + + /** + * Set the contents of this according to the argument. The size of + * *this is increased if necessary. + * @param in the array of objects of type T to copy the contents from + * @param n the size of array in + */ + void set(const T in[], u32bit n) { resize(n); copy(in, n); } + + /** + * Set the contents of this according to the argument. The size of + * *this is increased if necessary. + * @param in the buffer to copy the contents from + */ + void set(const MemoryRegion<T>& in) { set(in.begin(), in.size()); } + private: T* allocate(u32bit n) { 
@@ -393,6 +389,16 @@ class SecureVector : public MemoryRegion<T> { init(true); set(in1); append(in2); } }; +/** +* Zeroise the values; length remains unchanged +* @param vec the vector to zeroise +*/ +template<typename T> +void zeroise(MemoryRegion<T>& vec) + { + clear_mem(&vec[0], vec.size()); + } + } #endif diff --git a/src/asn1/ber_dec.cpp b/src/asn1/ber_dec.cpp index ea0334202..1c0d218ca 100644 --- a/src/asn1/ber_dec.cpp +++ b/src/asn1/ber_dec.cpp @@ -451,7 +451,9 @@ BER_Decoder& BER_Decoder::decode(MemoryRegion<byte>& buffer, { if(obj.value[0] >= 8) throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); - buffer.set(obj.value + 1, obj.value.size() - 1); + + buffer.resize(obj.value.size() - 1); + copy_mem(&buffer[0], &obj.value[1], obj.value.size() - 1); } return (*this); } @@ -467,7 +469,7 @@ BER_Decoder& BER_Decoder::decode_optional_string(MemoryRegion<byte>& out, ASN1_Tag type_tag = static_cast<ASN1_Tag>(type_no); - out.clear(); + out.destroy(); push_back(obj); if(obj.type_tag == type_tag && obj.class_tag == CONTEXT_SPECIFIC) diff --git a/src/block/aes/aes.cpp b/src/block/aes/aes.cpp index 8783f13a0..2485fc1a1 100644 --- a/src/block/aes/aes.cpp +++ b/src/block/aes/aes.cpp @@ -693,10 +693,10 @@ AES::AES(u32bit key_size) : BlockCipher(16, key_size) */ void AES::clear() { - EK.clear(); - DK.clear(); - ME.clear(); - MD.clear(); + zeroise(EK); + zeroise(DK); + zeroise(ME); + zeroise(MD); } } diff --git a/src/block/aes_intel/aes_intel.cpp b/src/block/aes_intel/aes_intel.cpp index 211bb3b47..c52f3fcd3 100644 --- a/src/block/aes_intel/aes_intel.cpp +++ b/src/block/aes_intel/aes_intel.cpp @@ -306,8 +306,8 @@ void AES_128_Intel::key_schedule(const byte key[], u32bit) */ void AES_128_Intel::clear() { - EK.clear(); - DK.clear(); + zeroise(EK); + zeroise(DK); } /* @@ -522,8 +522,8 @@ void AES_192_Intel::key_schedule(const byte key[], u32bit) */ void AES_192_Intel::clear() { - EK.clear(); - DK.clear(); + zeroise(EK); + zeroise(DK); } /* 
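Review bot: The new `zeroise()` in secmem.h wipes only `vec.size()` elements, whereas the removed `MemoryRegion::clear()` called `clear_mem(buf, allocated)` and so covered the whole allocation. If `allocated` can exceed `size()` (the allocation logic is outside these hunks), key material left past the logical end is no longer scrubbed at any of the `X.clear()` to `zeroise(X)` call sites in this commit. The helper also takes `&vec[0]` on a region that may be empty; `if(vec.size()) clear_mem(&vec[0], vec.size());` avoids that. The doc comment should say whether bytes beyond `size()` are covered, so callers holding keys know what "zeroise" guarantees.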
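Review bot: In `BER_Decoder::decode` the BIT STRING branch computes `obj.value.size() - 1` on decoded input, and nothing in the hunk shows that `obj.value` is non-empty before `obj.value[0]` is read; in `u32bit` arithmetic an empty value would wrap to a huge resize and copy length. With a one-byte value the code also forms `&buffer[0]` and `&obj.value[1]` on zero-length ranges. The removed `set()` call had the same arithmetic, but open-coding it is a good point to add `if(obj.value.size() == 0) throw BER_Decoding_Error("Empty BIT STRING");` ahead of the unused-bits test and to copy only when the length is non-zero. The same resize-then-`copy_mem(&output[0], &plaintext[iv_size], plain_length)` pattern is introduced in `Record_Reader::get_record` in src/ssl/rec_read.cpp, where `plain_length` may be zero. Both functions start outside their hunks, so an earlier length check may already exist.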
@@ -772,8 +772,8 @@ void AES_256_Intel::key_schedule(const byte key[], u32bit) */ void AES_256_Intel::clear() { - EK.clear(); - DK.clear(); + zeroise(EK); + zeroise(DK); } } diff --git a/src/block/aes_ssse3/aes_ssse3.h b/src/block/aes_ssse3/aes_ssse3.h index 8087b58a0..babd30509 100644 --- a/src/block/aes_ssse3/aes_ssse3.h +++ b/src/block/aes_ssse3/aes_ssse3.h @@ -21,7 +21,7 @@ class BOTAN_DLL AES_128_SSSE3 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); DK.clear(); } + void clear() { zeroise(EK); zeroise(DK); } std::string name() const { return "AES-128"; } BlockCipher* clone() const { return new AES_128_SSSE3; } @@ -41,7 +41,7 @@ class BOTAN_DLL AES_192_SSSE3 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); DK.clear(); } + void clear() { zeroise(EK); zeroise(DK); } std::string name() const { return "AES-192"; } BlockCipher* clone() const { return new AES_192_SSSE3; } @@ -61,7 +61,7 @@ class BOTAN_DLL AES_256_SSSE3 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); DK.clear(); } + void clear() { zeroise(EK); zeroise(DK); } std::string name() const { return "AES-256"; } BlockCipher* clone() const { return new AES_256_SSSE3; } diff --git a/src/block/cast/cast128.h b/src/block/cast/cast128.h index 967e91938..e5d4a884b 100644 --- a/src/block/cast/cast128.h +++ b/src/block/cast/cast128.h 
@@ -21,7 +21,7 @@ class BOTAN_DLL CAST_128 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { MK.clear(); RK.clear(); } + void clear() { zeroise(MK); zeroise(RK); } std::string name() const { return "CAST-128"; } BlockCipher* clone() const { return new CAST_128; } diff --git a/src/block/cast/cast256.h b/src/block/cast/cast256.h index c4a305671..c9820c1ab 100644 --- a/src/block/cast/cast256.h +++ b/src/block/cast/cast256.h @@ -21,7 +21,7 @@ class BOTAN_DLL CAST_256 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { MK.clear(); RK.clear(); } + void clear() { zeroise(MK); zeroise(RK); } std::string name() const { return "CAST-256"; } BlockCipher* clone() const { return new CAST_256; } diff --git a/src/block/des/des.h b/src/block/des/des.h index 1ae806850..f631986f0 100644 --- a/src/block/des/des.h +++ b/src/block/des/des.h @@ -21,7 +21,7 @@ class BOTAN_DLL DES : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { round_key.clear(); } + void clear() { zeroise(round_key); } std::string name() const { return "DES"; } BlockCipher* clone() const { return new DES; } @@ -41,7 +41,7 @@ class BOTAN_DLL TripleDES : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { round_key.clear(); } + void clear() { zeroise(round_key); } std::string name() const { return "TripleDES"; } BlockCipher* clone() const { return new TripleDES; } diff --git a/src/block/des/desx.h b/src/block/des/desx.h index 45a9d8479..007948ba7 100644 --- a/src/block/des/desx.h +++ b/src/block/des/desx.h 
@@ -21,7 +21,7 @@ class BOTAN_DLL DESX : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { des.clear(); K1.clear(); K2.clear(); } + void clear() { des.clear(); zeroise(K1); zeroise(K2); } std::string name() const { return "DESX"; } BlockCipher* clone() const { return new DESX; } diff --git a/src/block/gost_28147/gost_28147.h b/src/block/gost_28147/gost_28147.h index ec23466f4..9d845ae72 100644 --- a/src/block/gost_28147/gost_28147.h +++ b/src/block/gost_28147/gost_28147.h @@ -55,7 +55,7 @@ class BOTAN_DLL GOST_28147_89 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); } + void clear() { zeroise(EK); } std::string name() const { return "GOST-28147-89"; } BlockCipher* clone() const { return new GOST_28147_89(SBOX); } diff --git a/src/block/idea/idea.h b/src/block/idea/idea.h index aed3be3ea..737970b29 100644 --- a/src/block/idea/idea.h +++ b/src/block/idea/idea.h @@ -21,7 +21,7 @@ class BOTAN_DLL IDEA : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); DK.clear(); } + void clear() { zeroise(EK); zeroise(DK); } std::string name() const { return "IDEA"; } BlockCipher* clone() const { return new IDEA; } diff --git a/src/block/kasumi/kasumi.h b/src/block/kasumi/kasumi.h index fda348ef3..f8575c2d2 100644 --- a/src/block/kasumi/kasumi.h +++ b/src/block/kasumi/kasumi.h 
@@ -21,7 +21,7 @@ class BOTAN_DLL KASUMI : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); } + void clear() { zeroise(EK); } std::string name() const { return "KASUMI"; } BlockCipher* clone() const { return new KASUMI; } diff --git a/src/block/lion/lion.cpp b/src/block/lion/lion.cpp index d8dfd1fcb..45e051ada 100644 --- a/src/block/lion/lion.cpp +++ b/src/block/lion/lion.cpp @@ -99,8 +99,8 @@ void Lion::clear() { hash->clear(); cipher->clear(); - key1.clear(); - key2.clear(); + zeroise(key1); + zeroise(key2); } /* diff --git a/src/block/lubyrack/lubyrack.cpp b/src/block/lubyrack/lubyrack.cpp index bdb26837e..4dd0d5c8a 100644 --- a/src/block/lubyrack/lubyrack.cpp +++ b/src/block/lubyrack/lubyrack.cpp @@ -94,8 +94,8 @@ void LubyRackoff::key_schedule(const byte key[], u32bit length) */ void LubyRackoff::clear() { - K1.clear(); - K2.clear(); + zeroise(K1); + zeroise(K2); hash->clear(); } diff --git a/src/block/mars/mars.h b/src/block/mars/mars.h index f455ec5ca..37501fff1 100644 --- a/src/block/mars/mars.h +++ b/src/block/mars/mars.h @@ -21,7 +21,7 @@ class BOTAN_DLL MARS : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); } + void clear() { zeroise(EK); } std::string name() const { return "MARS"; } BlockCipher* clone() const { return new MARS; } diff --git a/src/block/misty1/misty1.h b/src/block/misty1/misty1.h index a9bc12c7b..dbb8e2c45 100644 --- a/src/block/misty1/misty1.h +++ b/src/block/misty1/misty1.h 
@@ -21,7 +21,7 @@ class BOTAN_DLL MISTY1 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); DK.clear(); } + void clear() { zeroise(EK); zeroise(DK); } std::string name() const { return "MISTY1"; } BlockCipher* clone() const { return new MISTY1; } diff --git a/src/block/noekeon/noekeon.cpp b/src/block/noekeon/noekeon.cpp index 0bfce1882..95178a62b 100644 --- a/src/block/noekeon/noekeon.cpp +++ b/src/block/noekeon/noekeon.cpp @@ -203,8 +203,8 @@ void Noekeon::key_schedule(const byte key[], u32bit) */ void Noekeon::clear() { - EK.clear(); - DK.clear(); + zeroise(EK); + zeroise(DK); } } diff --git a/src/block/rc2/rc2.h b/src/block/rc2/rc2.h index c16680347..e6c900056 100644 --- a/src/block/rc2/rc2.h +++ b/src/block/rc2/rc2.h @@ -28,7 +28,7 @@ class BOTAN_DLL RC2 : public BlockCipher */ static byte EKB_code(u32bit bits); - void clear() { K.clear(); } + void clear() { zeroise(K); } std::string name() const { return "RC2"; } BlockCipher* clone() const { return new RC2; } diff --git a/src/block/rc5/rc5.h b/src/block/rc5/rc5.h index 385c6b2b1..9a794d248 100644 --- a/src/block/rc5/rc5.h +++ b/src/block/rc5/rc5.h @@ -21,7 +21,7 @@ class BOTAN_DLL RC5 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { S.clear(); } + void clear() { zeroise(S); } std::string name() const; BlockCipher* clone() const { return new RC5(ROUNDS); } diff --git a/src/block/rc6/rc6.h b/src/block/rc6/rc6.h index 9b2d587fa..02c464c5c 100644 --- a/src/block/rc6/rc6.h +++ b/src/block/rc6/rc6.h 
@@ -21,7 +21,7 @@ class BOTAN_DLL RC6 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { S.clear(); } + void clear() { zeroise(S); } std::string name() const { return "RC6"; } BlockCipher* clone() const { return new RC6; } diff --git a/src/block/safer/safer_sk.h b/src/block/safer/safer_sk.h index c93797602..26875c97b 100644 --- a/src/block/safer/safer_sk.h +++ b/src/block/safer/safer_sk.h @@ -21,7 +21,7 @@ class BOTAN_DLL SAFER_SK : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); } + void clear() { zeroise(EK); } std::string name() const; BlockCipher* clone() const; diff --git a/src/block/seed/seed.h b/src/block/seed/seed.h index 0c80199ad..bfc9c7fa1 100644 --- a/src/block/seed/seed.h +++ b/src/block/seed/seed.h @@ -21,7 +21,7 @@ class BOTAN_DLL SEED : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { K.clear(); } + void clear() { zeroise(K); } std::string name() const { return "SEED"; } BlockCipher* clone() const { return new SEED; } diff --git a/src/block/serpent/serpent.h b/src/block/serpent/serpent.h index dc81d4178..56afd3330 100644 --- a/src/block/serpent/serpent.h +++ b/src/block/serpent/serpent.h @@ -21,7 +21,7 @@ class BOTAN_DLL Serpent : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { round_key.clear(); } + void clear() { zeroise(round_key); } std::string name() const { return "Serpent"; } BlockCipher* clone() const { return new Serpent; } Serpent() : BlockCipher(16, 16, 32, 8) {} 
diff --git a/src/block/skipjack/skipjack.cpp b/src/block/skipjack/skipjack.cpp index b23d1e160..dda984e4c 100644 --- a/src/block/skipjack/skipjack.cpp +++ b/src/block/skipjack/skipjack.cpp @@ -189,7 +189,7 @@ void Skipjack::key_schedule(const byte key[], u32bit) */ void Skipjack::clear() { - FTAB.clear(); + zeroise(FTAB); } } diff --git a/src/block/square/square.cpp b/src/block/square/square.cpp index adcf18611..f96162c37 100644 --- a/src/block/square/square.cpp +++ b/src/block/square/square.cpp @@ -206,10 +206,10 @@ void Square::transform(u32bit round_key[4]) */ void Square::clear() { - EK.clear(); - DK.clear(); - ME.clear(); - MD.clear(); + zeroise(EK); + zeroise(DK); + zeroise(ME); + zeroise(MD); } } diff --git a/src/block/tea/tea.h b/src/block/tea/tea.h index 128f42080..6e1c4fafb 100644 --- a/src/block/tea/tea.h +++ b/src/block/tea/tea.h @@ -21,7 +21,7 @@ class BOTAN_DLL TEA : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { K.clear(); } + void clear() { zeroise(K); } std::string name() const { return "TEA"; } BlockCipher* clone() const { return new TEA; } diff --git a/src/block/twofish/twofish.cpp b/src/block/twofish/twofish.cpp index a183821b2..375590af1 100644 --- a/src/block/twofish/twofish.cpp +++ b/src/block/twofish/twofish.cpp @@ -220,11 +220,11 @@ void Twofish::rs_mul(byte S[4], byte key, u32bit offset) */ void Twofish::clear() { - SBox0.clear(); - SBox1.clear(); - SBox2.clear(); - SBox3.clear(); - round_key.clear(); + zeroise(SBox0); + zeroise(SBox1); + zeroise(SBox2); + zeroise(SBox3); + zeroise(round_key); } } diff --git a/src/block/xtea/xtea.h b/src/block/xtea/xtea.h index d15108939..d328bf2f0 100644 --- a/src/block/xtea/xtea.h +++ b/src/block/xtea/xtea.h 
@@ -21,7 +21,7 @@ class BOTAN_DLL XTEA : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); } + void clear() { zeroise(EK); } std::string name() const { return "XTEA"; } BlockCipher* clone() const { return new XTEA; } diff --git a/src/cms/cms_enc.cpp b/src/cms/cms_enc.cpp index 3437c15e3..ebb89df60 100644 --- a/src/cms/cms_enc.cpp +++ b/src/cms/cms_enc.cpp @@ -46,7 +46,7 @@ SecureVector<byte> CMS_Encoder::get_contents() end_explicit(). end_cons(); - data.clear(); + data.destroy(); return encoder.get_contents(); } diff --git a/src/constructs/aont/package.cpp b/src/constructs/aont/package.cpp index e10087060..1e25a3b24 100644 --- a/src/constructs/aont/package.cpp +++ b/src/constructs/aont/package.cpp @@ -49,7 +49,7 @@ void aont_package(RandomNumberGenerator& rng, u32bit left = std::min<u32bit>(cipher->BLOCK_SIZE, input_len - cipher->BLOCK_SIZE * i); - buf.clear(); + zeroise(buf); copy_mem(&buf[0], output + cipher->BLOCK_SIZE * i, left); for(u32bit j = 0; j != 4; ++j) @@ -95,7 +95,7 @@ void aont_unpackage(BlockCipher* cipher, u32bit left = std::min<u32bit>(cipher->BLOCK_SIZE, input_len - cipher->BLOCK_SIZE * (i+1)); - buf.clear(); + zeroise(buf); copy_mem(&buf[0], input + cipher->BLOCK_SIZE * i, left); for(u32bit j = 0; j != 4; ++j) diff --git a/src/filters/modes/cfb/cfb.cpp b/src/filters/modes/cfb/cfb.cpp index 239b03254..9ec4c5de3 100644 --- a/src/filters/modes/cfb/cfb.cpp +++ b/src/filters/modes/cfb/cfb.cpp @@ -58,7 +58,7 @@ void CFB_Encryption::set_iv(const InitializationVector& iv) throw Invalid_IV_Length(name(), iv.length()); state = iv.bits_of(); - buffer.clear(); + zeroise(buffer); position = 0; cipher->encrypt(state, buffer); 
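Review bot: `data.destroy()` in `CMS_Encoder::get_contents` is a behaviour change rather than a rename: the removed `clear()` zeroised `data` in place and kept its length, while `destroy()` is `resize(0)` per secmem.h. Whether `resize(0)` scrubs the bytes it releases is not visible in this commit. If `data` can hold content that should not linger in memory, call `zeroise(data);` before `data.destroy();`; if emptying is all that is intended, a comment such as `// content has been encoded; drop our copy` would record that. The function body starts outside the hunk.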
@@ -135,7 +135,7 @@ void CFB_Decryption::set_iv(const InitializationVector& iv) throw Invalid_IV_Length(name(), iv.length()); state = iv.bits_of(); - buffer.clear(); + zeroise(buffer); position = 0; cipher->encrypt(state, buffer); diff --git a/src/filters/modes/cts/cts.cpp b/src/filters/modes/cts/cts.cpp index 61df8897b..c404d8f33 100644 --- a/src/filters/modes/cts/cts.cpp +++ b/src/filters/modes/cts/cts.cpp @@ -47,7 +47,7 @@ void CTS_Encryption::set_iv(const InitializationVector& iv) throw Invalid_IV_Length(name(), iv.length()); state = iv.bits_of(); - buffer.clear(); + zeroise(buffer); position = 0; } @@ -149,7 +149,7 @@ void CTS_Decryption::set_iv(const InitializationVector& iv) throw Invalid_IV_Length(name(), iv.length()); state = iv.bits_of(); - buffer.clear(); + zeroise(buffer); position = 0; } diff --git a/src/hash/bmw/bmw_512.cpp b/src/hash/bmw/bmw_512.cpp index 5ccb09579..a9b580ca6 100644 --- a/src/hash/bmw/bmw_512.cpp +++ b/src/hash/bmw/bmw_512.cpp @@ -178,8 +178,8 @@ void BMW_512::copy_out(byte output[]) void BMW_512::clear() { MDx_HashFunction::clear(); - M.clear(); - Q.clear(); + zeroise(M); + zeroise(Q); H[ 0] = 0x8081828384858687; H[ 1] = 0x88898A8B8C8D8E8F; diff --git a/src/hash/gost_3411/gost_3411.cpp b/src/hash/gost_3411/gost_3411.cpp index f09b0fc60..7e6fd8fac 100644 --- a/src/hash/gost_3411/gost_3411.cpp +++ b/src/hash/gost_3411/gost_3411.cpp @@ -26,8 +26,8 @@ GOST_34_11::GOST_34_11() : void GOST_34_11::clear() { cipher.clear(); - sum.clear(); - hash.clear(); + zeroise(sum); + zeroise(hash); count = 0; position = 0; } diff --git a/src/hash/has160/has160.cpp b/src/hash/has160/has160.cpp index d245a0249..fd39e7ea0 100644 --- a/src/hash/has160/has160.cpp +++ b/src/hash/has160/has160.cpp @@ -154,7 +154,7 @@ void HAS_160::copy_out(byte output[]) void HAS_160::clear() { MDx_HashFunction::clear(); - X.clear(); + zeroise(X); digest[0] = 0x67452301; digest[1] = 0xEFCDAB89; digest[2] = 0x98BADCFE; 
diff --git a/src/hash/md2/md2.cpp b/src/hash/md2/md2.cpp index 7d0ab0ab0..b3ccae6df 100644 --- a/src/hash/md2/md2.cpp +++ b/src/hash/md2/md2.cpp @@ -99,9 +99,9 @@ void MD2::final_result(byte output[]) */ void MD2::clear() { - X.clear(); - checksum.clear(); - buffer.clear(); + zeroise(X); + zeroise(checksum); + zeroise(buffer); position = 0; } diff --git a/src/hash/md4/md4.cpp b/src/hash/md4/md4.cpp index f573dae25..edba1d08a 100644 --- a/src/hash/md4/md4.cpp +++ b/src/hash/md4/md4.cpp @@ -104,7 +104,7 @@ void MD4::copy_out(byte output[]) void MD4::clear() { MDx_HashFunction::clear(); - M.clear(); + zeroise(M); digest[0] = 0x67452301; digest[1] = 0xEFCDAB89; digest[2] = 0x98BADCFE; diff --git a/src/hash/md5/md5.cpp b/src/hash/md5/md5.cpp index 8c1e5a8e1..104155e9d 100644 --- a/src/hash/md5/md5.cpp +++ b/src/hash/md5/md5.cpp @@ -126,7 +126,7 @@ void MD5::copy_out(byte output[]) void MD5::clear() { MDx_HashFunction::clear(); - M.clear(); + zeroise(M); digest[0] = 0x67452301; digest[1] = 0xEFCDAB89; digest[2] = 0x98BADCFE; diff --git a/src/hash/mdx_hash/mdx_hash.cpp b/src/hash/mdx_hash/mdx_hash.cpp index bf571076e..ffca0d93b 100644 --- a/src/hash/mdx_hash/mdx_hash.cpp +++ b/src/hash/mdx_hash/mdx_hash.cpp @@ -30,7 +30,7 @@ MDx_HashFunction::MDx_HashFunction(u32bit hash_len, u32bit block_len, */ void MDx_HashFunction::clear() { - buffer.clear(); + zeroise(buffer); count = position = 0; } @@ -76,7 +76,7 @@ void MDx_HashFunction::final_result(byte output[]) if(position >= HASH_BLOCK_SIZE - COUNT_SIZE) { compress_n(buffer, 1); - buffer.clear(); + zeroise(buffer); } write_count(buffer + HASH_BLOCK_SIZE - COUNT_SIZE); diff --git a/src/hash/rmd128/rmd128.cpp b/src/hash/rmd128/rmd128.cpp index 51e416eb1..9e0f6701e 100644 --- a/src/hash/rmd128/rmd128.cpp +++ b/src/hash/rmd128/rmd128.cpp 
@@ -166,7 +166,7 @@ void RIPEMD_128::copy_out(byte output[]) void RIPEMD_128::clear() { MDx_HashFunction::clear(); - M.clear(); + zeroise(M); digest[0] = 0x67452301; digest[1] = 0xEFCDAB89; digest[2] = 0x98BADCFE; diff --git a/src/hash/rmd160/rmd160.cpp b/src/hash/rmd160/rmd160.cpp index 5237f1e12..4975814f4 100644 --- a/src/hash/rmd160/rmd160.cpp +++ b/src/hash/rmd160/rmd160.cpp @@ -199,7 +199,7 @@ void RIPEMD_160::copy_out(byte output[]) void RIPEMD_160::clear() { MDx_HashFunction::clear(); - M.clear(); + zeroise(M); digest[0] = 0x67452301; digest[1] = 0xEFCDAB89; digest[2] = 0x98BADCFE; diff --git a/src/hash/sha1/sha160.cpp b/src/hash/sha1/sha160.cpp index 1ad08d483..1e57f0cf4 100644 --- a/src/hash/sha1/sha160.cpp +++ b/src/hash/sha1/sha160.cpp @@ -144,7 +144,7 @@ void SHA_160::copy_out(byte output[]) void SHA_160::clear() { MDx_HashFunction::clear(); - W.clear(); + zeroise(W); digest[0] = 0x67452301; digest[1] = 0xEFCDAB89; digest[2] = 0x98BADCFE; diff --git a/src/hash/sha2/sha2_32.cpp b/src/hash/sha2/sha2_32.cpp index 4315e10d6..a18a4d8c4 100644 --- a/src/hash/sha2/sha2_32.cpp +++ b/src/hash/sha2/sha2_32.cpp @@ -181,7 +181,7 @@ void SHA_224::copy_out(byte output[]) void SHA_224::clear() { MDx_HashFunction::clear(); - W.clear(); + zeroise(W); digest[0] = 0xC1059ED8; digest[1] = 0x367CD507; digest[2] = 0x3070DD17; @@ -215,7 +215,7 @@ void SHA_256::copy_out(byte output[]) void SHA_256::clear() { MDx_HashFunction::clear(); - W.clear(); + zeroise(W); digest[0] = 0x6A09E667; digest[1] = 0xBB67AE85; digest[2] = 0x3C6EF372; diff --git a/src/hash/sha2/sha2_64.cpp b/src/hash/sha2/sha2_64.cpp index 10fe81a5e..aecf9a0db 100644 --- a/src/hash/sha2/sha2_64.cpp +++ b/src/hash/sha2/sha2_64.cpp @@ -188,7 +188,7 @@ void SHA_384::copy_out(byte output[]) void SHA_384::clear() { MDx_HashFunction::clear(); - W.clear(); + zeroise(W); digest[0] = 0xCBBB9D5DC1059ED8; digest[1] = 0x629A292A367CD507; digest[2] = 0x9159015A3070DD17; 
@@ -222,7 +222,7 @@ void SHA_512::copy_out(byte output[]) void SHA_512::clear() { MDx_HashFunction::clear(); - W.clear(); + zeroise(W); digest[0] = 0x6A09E667F3BCC908; digest[1] = 0xBB67AE8584CAA73B; digest[2] = 0x3C6EF372FE94F82B; diff --git a/src/hash/skein/skein_512.cpp b/src/hash/skein/skein_512.cpp index 4d7717ef4..1fdd9fbf6 100644 --- a/src/hash/skein/skein_512.cpp +++ b/src/hash/skein/skein_512.cpp @@ -186,9 +186,9 @@ HashFunction* Skein_512::clone() const void Skein_512::clear() { - H.clear(); - T.clear(); - buffer.clear(); + zeroise(H); + zeroise(T); + zeroise(buffer); buf_pos = 0; } diff --git a/src/hash/tiger/tiger.cpp b/src/hash/tiger/tiger.cpp index 3013ab38e..1812abf12 100644 --- a/src/hash/tiger/tiger.cpp +++ b/src/hash/tiger/tiger.cpp @@ -136,7 +136,7 @@ void Tiger::pass(u64bit& A, u64bit& B, u64bit& C, u64bit X[8], byte mul) void Tiger::clear() { MDx_HashFunction::clear(); - X.clear(); + zeroise(X); digest[0] = 0x0123456789ABCDEF; digest[1] = 0xFEDCBA9876543210; digest[2] = 0xF096A5B4C3B2E187; diff --git a/src/hash/whirlpool/whrlpool.cpp b/src/hash/whirlpool/whrlpool.cpp index 06755fe77..6f62695c8 100644 --- a/src/hash/whirlpool/whrlpool.cpp +++ b/src/hash/whirlpool/whrlpool.cpp @@ -139,8 +139,8 @@ void Whirlpool::copy_out(byte output[]) void Whirlpool::clear() { MDx_HashFunction::clear(); - M.clear(); - digest.clear(); + zeroise(M); + zeroise(digest); } } diff --git a/src/mac/cbc_mac/cbc_mac.cpp b/src/mac/cbc_mac/cbc_mac.cpp index 6a0692580..206bce55c 100644 --- a/src/mac/cbc_mac/cbc_mac.cpp +++ b/src/mac/cbc_mac/cbc_mac.cpp @@ -47,7 +47,7 @@ void CBC_MAC::final_result(byte mac[]) e->encrypt(state); copy_mem(mac, state.begin(), state.size()); - state.clear(); + zeroise(state); position = 0; } @@ -65,7 +65,7 @@ void CBC_MAC::key_schedule(const byte key[], u32bit length) void CBC_MAC::clear() { e->clear(); - state.clear(); + zeroise(state); position = 0; } diff --git a/src/mac/cmac/cmac.cpp b/src/mac/cmac/cmac.cpp index 05c5f4a88..38b62c6cb 100644 
--- a/src/mac/cmac/cmac.cpp +++ b/src/mac/cmac/cmac.cpp @@ -81,8 +81,8 @@ void CMAC::final_result(byte mac[]) for(u32bit j = 0; j != OUTPUT_LENGTH; ++j) mac[j] = state[j]; - state.clear(); - buffer.clear(); + zeroise(state); + zeroise(buffer); position = 0; } @@ -104,10 +104,10 @@ void CMAC::key_schedule(const byte key[], u32bit length) void CMAC::clear() { e->clear(); - state.clear(); - buffer.clear(); - B.clear(); - P.clear(); + zeroise(state); + zeroise(buffer); + zeroise(B); + zeroise(P); position = 0; } diff --git a/src/mac/hmac/hmac.cpp b/src/mac/hmac/hmac.cpp index 0d5c99702..1ad9487b4 100644 --- a/src/mac/hmac/hmac.cpp +++ b/src/mac/hmac/hmac.cpp @@ -61,8 +61,8 @@ void HMAC::key_schedule(const byte key[], u32bit length) void HMAC::clear() { hash->clear(); - i_key.clear(); - o_key.clear(); + zeroise(i_key); + zeroise(o_key); } /* diff --git a/src/mac/ssl3mac/ssl3_mac.cpp b/src/mac/ssl3mac/ssl3_mac.cpp index a4c0c635e..781cb7f27 100644 --- a/src/mac/ssl3mac/ssl3_mac.cpp +++ b/src/mac/ssl3mac/ssl3_mac.cpp @@ -49,8 +49,8 @@ void SSL3_MAC::key_schedule(const byte key[], u32bit length) void SSL3_MAC::clear() { hash->clear(); - i_key.clear(); - o_key.clear(); + zeroise(i_key); + zeroise(o_key); } /* diff --git a/src/mac/x919_mac/x919_mac.cpp b/src/mac/x919_mac/x919_mac.cpp index 42e039d60..f0c2419fa 100644 --- a/src/mac/x919_mac/x919_mac.cpp +++ b/src/mac/x919_mac/x919_mac.cpp @@ -46,7 +46,7 @@ void ANSI_X919_MAC::final_result(byte mac[]) e->encrypt(state); d->decrypt(state, mac); e->encrypt(mac); - state.clear(); + zeroise(state); position = 0; } @@ -67,7 +67,7 @@ void ANSI_X919_MAC::clear() { e->clear(); d->clear(); - state.clear(); + zeroise(state); position = 0; } diff --git a/src/math/bigint/big_ops2.cpp b/src/math/bigint/big_ops2.cpp index cc50c26e5..193c00e32 100644 --- a/src/math/bigint/big_ops2.cpp +++ b/src/math/bigint/big_ops2.cpp 
@@ -37,7 +37,7 @@ BigInt& BigInt::operator+=(const BigInt& y) } else if(relative_size == 0) { - get_reg().clear(); + zeroise(reg); set_sign(Positive); } else if(relative_size > 0) @@ -72,7 +72,7 @@ BigInt& BigInt::operator-=(const BigInt& y) { if(sign() == y.sign()) { - get_reg().clear(); + clear(); set_sign(Positive); } else @@ -99,7 +99,7 @@ BigInt& BigInt::operator*=(const BigInt& y) if(x_sw == 0 || y_sw == 0) { - get_reg().clear(); + clear(); set_sign(Positive); } else if(x_sw == 1 && y_sw) diff --git a/src/math/bigint/bigint.cpp b/src/math/bigint/bigint.cpp index 1ae8be130..2ac387a97 100644 --- a/src/math/bigint/bigint.cpp +++ b/src/math/bigint/bigint.cpp @@ -348,7 +348,7 @@ void BigInt::binary_decode(const byte buf[], u32bit length) { const u32bit WORD_BYTES = sizeof(word); - reg.clear(); + clear(); reg.resize(round_up<u32bit>((length / WORD_BYTES) + 1, 8)); for(u32bit j = 0; j != length / WORD_BYTES; ++j) diff --git a/src/math/bigint/bigint.h b/src/math/bigint/bigint.h index 64bf20068..9ce71aeca 100644 --- a/src/math/bigint/bigint.h +++ b/src/math/bigint/bigint.h @@ -140,7 +140,7 @@ class BOTAN_DLL BigInt /** * Zeroize the BigInt */ - void clear() { get_reg().clear(); } + void clear() { zeroise(reg); } /** * Compare this to another BigInt diff --git a/src/math/numbertheory/point_gfp.cpp b/src/math/numbertheory/point_gfp.cpp index 6e62a9a13..93e3392ea 100644 --- a/src/math/numbertheory/point_gfp.cpp +++ b/src/math/numbertheory/point_gfp.cpp @@ -46,7 +46,7 @@ void PointGFp::monty_mult(BigInt& z, const u32bit p_size = curve.get_p_words(); const word p_dash = curve.get_p_dash(); - workspace.clear(); + zeroise(workspace); bigint_mul(workspace, workspace.size(), 0, x.data(), x.size(), x.sig_words(), 
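Review bot: The zero-result branches in big_ops2.cpp are no longer written the same way: `operator+=` uses `zeroise(reg);` while `operator-=` and `operator*=` call `clear();`, which bigint.h in this commit defines as `zeroise(reg)`. Using `clear();` in `operator+=` as well keeps the "set to zero" intent in one place if `BigInt::clear()` changes later. All three operators continue outside their hunks.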
@@ -73,7 +73,7 @@ void PointGFp::monty_sqr(BigInt& z, const BigInt& x, const u32bit p_size = curve.get_p_words(); const word p_dash = curve.get_p_dash(); - workspace.clear(); + zeroise(workspace); bigint_sqr(workspace, workspace.size(), 0, x.data(), x.size(), x.sig_words()); diff --git a/src/math/numbertheory/powm_mnt.cpp b/src/math/numbertheory/powm_mnt.cpp index cce142020..80582eaa8 100644 --- a/src/math/numbertheory/powm_mnt.cpp +++ b/src/math/numbertheory/powm_mnt.cpp @@ -66,7 +66,7 @@ void Montgomery_Exponentiator::set_base(const BigInt& base) const BigInt& y = g[j-1]; const u32bit y_sig = y.sig_words(); - z.clear(); + zeroise(z); bigint_mul(z.begin(), z.size(), workspace, x.data(), x.size(), x_sig, y.data(), y.size(), y_sig); @@ -90,7 +90,7 @@ BigInt Montgomery_Exponentiator::execute() const { for(u32bit k = 0; k != window_bits; ++k) { - z.clear(); + zeroise(z); bigint_sqr(z.begin(), z.size(), workspace, x.data(), x.size(), x.sig_words()); @@ -102,7 +102,7 @@ BigInt Montgomery_Exponentiator::execute() const { const BigInt& y = g[nibble-1]; - z.clear(); + zeroise(z); bigint_mul(z.begin(), z.size(), workspace, x.data(), x.size(), x.sig_words(), y.data(), y.size(), y.sig_words()); @@ -111,7 +111,7 @@ BigInt Montgomery_Exponentiator::execute() const } } - z.clear(); + zeroise(z); z.copy(x.data(), x.size()); montgomery_reduce(x, z, modulus, mod_words, mod_prime); diff --git a/src/pk_pad/eme1/eme1.cpp b/src/pk_pad/eme1/eme1.cpp index 9eab16d6c..84fcf4b83 100644 --- a/src/pk_pad/eme1/eme1.cpp +++ b/src/pk_pad/eme1/eme1.cpp @@ -26,8 +26,6 @@ SecureVector<byte> EME1::pad(const byte in[], u32bit in_length, SecureVector<byte> out(key_length); - out.clear(); - rng.randomize(out, HASH_LENGTH); out.copy(HASH_LENGTH, Phash, Phash.size()); diff --git a/src/pk_pad/emsa3/emsa3.cpp b/src/pk_pad/emsa3/emsa3.cpp index 82981d38c..aa1b85f05 100644 --- a/src/pk_pad/emsa3/emsa3.cpp +++ b/src/pk_pad/emsa3/emsa3.cpp 
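Review bot: Dropping `out.clear();` in `EME1::pad` makes the encoding depend on `SecureVector<byte> out(key_length)` being zero-filled on construction, which this hunk does not show. Only the seed and `Phash` are written in the visible lines, so any bytes between them and the message must already be zero, or the padded block is malformed and could carry stale heap contents into the ciphertext input. If the constructor guarantees zero-fill, a comment such as `// out is zero-initialised by SecureVector(n); the zero padding relies on this` would document the dependency; otherwise keep an explicit `zeroise(out);`. The function continues past the hunk.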
@@ -117,8 +117,8 @@ void EMSA3_Raw::update(const byte input[], u32bit length) */ SecureVector<byte> EMSA3_Raw::raw_data() { - SecureVector<byte> ret = message; - message.clear(); + SecureVector<byte> ret; + std::swap(ret, message); return ret; } diff --git a/src/rng/hmac_rng/hmac_rng.cpp b/src/rng/hmac_rng/hmac_rng.cpp index fbfa87f70..b9bd65ae1 100644 --- a/src/rng/hmac_rng/hmac_rng.cpp +++ b/src/rng/hmac_rng/hmac_rng.cpp @@ -107,7 +107,7 @@ void HMAC_RNG::reseed(u32bit poll_bits) extractor->set_key(K, K.size()); // Reset state - K.clear(); + zeroise(K); counter = 0; user_input_len = 0; @@ -147,7 +147,7 @@ void HMAC_RNG::clear() { extractor->clear(); prf->clear(); - K.clear(); + zeroise(K); counter = 0; user_input_len = 0; seeded = false; diff --git a/src/rng/randpool/randpool.cpp b/src/rng/randpool/randpool.cpp index c3e496638..fb8dfcd09 100644 --- a/src/rng/randpool/randpool.cpp +++ b/src/rng/randpool/randpool.cpp @@ -149,9 +149,9 @@ void Randpool::clear() { cipher->clear(); mac->clear(); - pool.clear(); - buffer.clear(); - counter.clear(); + zeroise(pool); + zeroise(buffer); + zeroise(counter); seeded = false; } diff --git a/src/rng/x931_rng/x931_rng.cpp b/src/rng/x931_rng/x931_rng.cpp index f812377ed..4a06fca39 100644 --- a/src/rng/x931_rng/x931_rng.cpp +++ b/src/rng/x931_rng/x931_rng.cpp @@ -112,7 +112,7 @@ void ANSI_X931_RNG::clear() { cipher->clear(); prng->clear(); - R.clear(); + zeroise(R); V.destroy(); position = 0; diff --git a/src/ssl/rec_read.cpp b/src/ssl/rec_read.cpp index 3c008641d..895026431 100644 --- a/src/ssl/rec_read.cpp +++ b/src/ssl/rec_read.cpp @@ -244,7 +244,9 @@ u32bit Record_Reader::get_record(byte& msg_type, throw TLS_Exception(BAD_RECORD_MAC, "Record_Reader: MAC failure"); msg_type = header[0]; - output.set(&plaintext[iv_size], plain_length); + + output.resize(plain_length); + copy_mem(&output[0], &plaintext[iv_size], plain_length); return 0; } diff --git a/src/ssl/rec_wri.cpp b/src/ssl/rec_wri.cpp index d5358f4c3..40dd45219 100644 
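Review bot: `std::swap(ret, message)` in `EMSA3_Raw::raw_data()` changes what the function leaves behind, and nothing in the hunk says so. Per the commit description the old `message.clear()` zeroed the bytes but kept the length, whereas the swap leaves `message` empty. If that is the intent, add a comment such as `// hand the accumulated message to the caller and leave 'message' empty`. Unless `SecureVector` provides its own swap overload (none is visible here), the generic `std::swap` goes through a temporary copy of the message. It is worth confirming that the temporary's storage is wiped when it is released and that `<algorithm>` is included in this file.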
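Review bot: In `ANSI_X931_RNG::clear()` the buffer `R` is now wiped with `zeroise(R)`, but `V` is only released with `V.destroy()`, which the secmem.h part of this commit shows to be `resize(0)`. Whether `resize(0)` overwrites the old contents is not visible here, and a plain `std::vector`, which the commit description names as the eventual replacement, gives no such guarantee. If `V` holds generator state, wipe it explicitly by adding `zeroise(V);` before `V.destroy();`. The function body starts outside the hunk.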
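Review bot: The replacement for `output.set()` in `Record_Reader::get_record()` takes `&output[0]` right after `output.resize(plain_length)`, which is an element access on an empty buffer whenever `plain_length` is 0. A record with an empty payload would reach this line, so guard the copy: `if(plain_length) copy_mem(&output[0], &plaintext[iv_size], plain_length);`. The check that `iv_size + plain_length` stays within `plaintext` is not in the hunk. Confirm it precedes this copy, since `copy_mem` is handed raw pointers here. The body of `get_record` starts outside the hunk.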
--- a/src/ssl/rec_wri.cpp +++ b/src/ssl/rec_wri.cpp @@ -30,7 +30,7 @@ void Record_Writer::reset() cipher.reset(); mac.reset(); - buffer.clear(); + zeroise(buffer); buf_pos = 0; major = minor = buf_type = 0; diff --git a/src/stream/arc4/arc4.cpp b/src/stream/arc4/arc4.cpp index 1c89379ba..a3a2f9a65 100644 --- a/src/stream/arc4/arc4.cpp +++ b/src/stream/arc4/arc4.cpp @@ -89,8 +89,8 @@ std::string ARC4::name() const */ void ARC4::clear() { - state.clear(); - buffer.clear(); + zeroise(state); + zeroise(buffer); position = X = Y = 0; } diff --git a/src/stream/ctr/ctr.cpp b/src/stream/ctr/ctr.cpp index 8a24cd4d0..cd1b1b7fb 100644 --- a/src/stream/ctr/ctr.cpp +++ b/src/stream/ctr/ctr.cpp @@ -40,8 +40,8 @@ CTR_BE::~CTR_BE() void CTR_BE::clear() { permutation->clear(); - buffer.clear(); - counter.clear(); + zeroise(buffer); + zeroise(counter); position = 0; } @@ -91,7 +91,7 @@ void CTR_BE::set_iv(const byte iv[], u32bit iv_len) const u32bit BLOCK_SIZE = permutation->BLOCK_SIZE; - counter.clear(); + zeroise(counter); counter.copy(0, iv, iv_len); diff --git a/src/stream/ofb/ofb.cpp b/src/stream/ofb/ofb.cpp index cfa035a4f..332673153 100644 --- a/src/stream/ofb/ofb.cpp +++ b/src/stream/ofb/ofb.cpp @@ -38,7 +38,7 @@ OFB::~OFB() void OFB::clear() { permutation->clear(); - buffer.clear(); + zeroise(buffer); position = 0; } @@ -87,7 +87,7 @@ void OFB::set_iv(const byte iv[], u32bit iv_len) if(!valid_iv_length(iv_len)) throw Invalid_IV_Length(name(), iv_len); - buffer.clear(); + zeroise(buffer); buffer.copy(0, iv, iv_len); permutation->encrypt(buffer); diff --git a/src/stream/salsa20/salsa20.cpp b/src/stream/salsa20/salsa20.cpp index a38e6e305..c52e305d1 100644 --- a/src/stream/salsa20/salsa20.cpp +++ b/src/stream/salsa20/salsa20.cpp @@ -232,8 +232,8 @@ std::string Salsa20::name() const */ void Salsa20::clear() { - state.clear(); - buffer.clear(); + zeroise(state); + zeroise(buffer); position = 0; } 
diff --git a/src/stream/turing/turing.cpp b/src/stream/turing/turing.cpp index 159c262fd..bfb2166d8 100644 --- a/src/stream/turing/turing.cpp +++ b/src/stream/turing/turing.cpp @@ -300,12 +300,12 @@ void Turing::set_iv(const byte iv[], u32bit length) */ void Turing::clear() { - S0.clear(); - S1.clear(); - S2.clear(); - S3.clear(); + zeroise(S0); + zeroise(S1); + zeroise(S2); + zeroise(S3); - buffer.clear(); + zeroise(buffer); position = 0; } diff --git a/src/stream/wid_wake/wid_wake.cpp b/src/stream/wid_wake/wid_wake.cpp index 225ccf9a6..f5897f1cc 100644 --- a/src/stream/wid_wake/wid_wake.cpp +++ b/src/stream/wid_wake/wid_wake.cpp @@ -139,10 +139,10 @@ void WiderWake_41_BE::set_iv(const byte iv[], u32bit length) void WiderWake_41_BE::clear() { position = 0; - t_key.clear(); - state.clear(); - T.clear(); - buffer.clear(); + zeroise(t_key); + zeroise(state); + zeroise(T); + zeroise(buffer); } } diff --git a/src/sym_algo/symkey.cpp b/src/sym_algo/symkey.cpp index bf2b705d3..a04f29181 100644 --- a/src/sym_algo/symkey.cpp +++ b/src/sym_algo/symkey.cpp @@ -91,7 +91,7 @@ std::string OctetString::as_string() const */ OctetString& OctetString::operator^=(const OctetString& k) { - if(&k == this) { bits.clear(); return (*this); } + if(&k == this) { zeroise(bits); return (*this); } xor_buf(bits.begin(), k.begin(), std::min(length(), k.length())); return (*this); } |