72 files changed, 166 insertions, 158 deletions
diff --git a/doc/examples/row_encryptor.cpp b/doc/examples/row_encryptor.cpp index 8c1df66a0..685850945 100644 --- a/doc/examples/row_encryptor.cpp +++ b/doc/examples/row_encryptor.cpp @@ -162,7 +162,7 @@ int main() Row_Encryptor test_pbkdf_salt_copy(secret_passphrase, encryptor.get_pbkdf_salt()); - salt.clear(); // all-0 + zeroise(salt); std::string test = test_pbkdf_salt_copy.decrypt(encrypted_values[0], salt); if(test != original_inputs[0]) std::cout << "PBKDF salt copy failed to decrypt properly\n"; diff --git a/src/alloc/secmem.h b/src/alloc/secmem.h index aae1634d3..37930b963 100644 --- a/src/alloc/secmem.h +++ b/src/alloc/secmem.h @@ -126,21 +126,6 @@ class MemoryRegion { copy_mem(buf + off, in, (n > size() - off) ? (size() - off) : n); } /** - * Set the contents of this according to the argument. The size of - * *this is increased if necessary. - * @param in the array of objects of type T to copy the contents from - * @param n the size of array in - */ - void set(const T in[], u32bit n) { resize(n); copy(in, n); } - - /** - * Set the contents of this according to the argument. The size of - * *this is increased if necessary. - * @param in the buffer to copy the contents from - */ - void set(const MemoryRegion<T>& in) { set(in.begin(), in.size()); } - - /** * Append data to the end of this buffer. * @param data the array containing the data to append * @param n the size of the array data @@ -162,11 +147,6 @@ class MemoryRegion { append(other.begin(), other.size()); } /** - * Zeroise the bytes of this buffer. The length remains unchanged. - */ - void clear() { clear_mem(buf, allocated); } - - /** * Reset this buffer to an empty buffer with size zero. */ void destroy() { resize(0); } 
@@ -206,6 +186,22 @@ class MemoryRegion */ void init(bool locking, u32bit length = 0) { alloc = Allocator::get(locking); resize(length); } + + /** + * Set the contents of this according to the argument. The size of + * *this is increased if necessary. + * @param in the array of objects of type T to copy the contents from + * @param n the size of array in + */ + void set(const T in[], u32bit n) { resize(n); copy(in, n); } + + /** + * Set the contents of this according to the argument. The size of + * *this is increased if necessary. + * @param in the buffer to copy the contents from + */ + void set(const MemoryRegion<T>& in) { set(in.begin(), in.size()); } + private: T* allocate(u32bit n) { @@ -393,6 +389,16 @@ class SecureVector : public MemoryRegion<T> { init(true); set(in1); append(in2); } }; +/** +* Zeroise the values; length remains unchanged +* @param vec the vector to zeroise +*/ +template<typename T> +void zeroise(MemoryRegion<T>& vec) + { + clear_mem(&vec[0], vec.size()); + } + } #endif diff --git a/src/asn1/ber_dec.cpp b/src/asn1/ber_dec.cpp index ea0334202..1c0d218ca 100644 --- a/src/asn1/ber_dec.cpp +++ b/src/asn1/ber_dec.cpp @@ -451,7 +451,9 @@ BER_Decoder& BER_Decoder::decode(MemoryRegion<byte>& buffer, { if(obj.value[0] >= 8) throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); - buffer.set(obj.value + 1, obj.value.size() - 1); + + buffer.resize(obj.value.size() - 1); + copy_mem(&buffer[0], &obj.value[1], obj.value.size() - 1); } return (*this); } @@ -467,7 +469,7 @@ BER_Decoder& BER_Decoder::decode_optional_string(MemoryRegion<byte>& out, ASN1_Tag type_tag = static_cast<ASN1_Tag>(type_no); - out.clear(); + out.destroy(); push_back(obj); if(obj.type_tag == type_tag && obj.class_tag == CONTEXT_SPECIFIC) diff --git a/src/block/aes/aes.cpp b/src/block/aes/aes.cpp index 8783f13a0..2485fc1a1 100644 --- a/src/block/aes/aes.cpp +++ b/src/block/aes/aes.cpp 
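Review bot: The new free function `zeroise()` in `src/alloc/secmem.h` wipes only `vec.size()` elements, whereas the removed `MemoryRegion::clear()` wiped `allocated` elements, so bytes between the logical size and the allocated capacity are no longer cleared by any of the callers converted in this commit. If a region can shrink without releasing its storage (not visible in these hunks), old key or state material could survive a cipher's or MAC's `clear()`. Either wipe the full allocation from inside the class or state the limit in the doc comment, e.g. `* Only the first vec.size() elements are cleared; spare capacity is untouched`. `&vec[0]` is also evaluated for an empty region, and a guard such as `if(vec.size()) clear_mem(&vec[0], vec.size());` avoids depending on what `operator[]` does in that case.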
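Review bot: In the BIT STRING branch of `BER_Decoder::decode`, `obj.value.size() - 1` is unsigned arithmetic, so an empty value would wrap to a huge length for both `buffer.resize()` and `copy_mem()`, and the preceding `obj.value[0] >= 8` test reads the first byte with no length check in view. The branch starts outside this hunk, so an earlier guard may exist; if it does not, add `if(obj.value.size() == 0) throw BER_Decoding_Error("Invalid BIT STRING");` before the unused-bits test, since this input comes from the encoded data being parsed. The same open-coded `resize` plus `copy_mem(&x[0], ...)` pair replaces `set()` in `src/ssl/rec_read.cpp`, where `&output[0]` is taken even if `plain_length` is zero. A public length-checked helper would keep this pointer arithmetic in one place.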
@@ -693,10 +693,10 @@ AES::AES(u32bit key_size) : BlockCipher(16, key_size) */ void AES::clear() { - EK.clear(); - DK.clear(); - ME.clear(); - MD.clear(); + zeroise(EK); + zeroise(DK); + zeroise(ME); + zeroise(MD); } } diff --git a/src/block/aes_intel/aes_intel.cpp b/src/block/aes_intel/aes_intel.cpp index 211bb3b47..c52f3fcd3 100644 --- a/src/block/aes_intel/aes_intel.cpp +++ b/src/block/aes_intel/aes_intel.cpp @@ -306,8 +306,8 @@ void AES_128_Intel::key_schedule(const byte key[], u32bit) */ void AES_128_Intel::clear() { - EK.clear(); - DK.clear(); + zeroise(EK); + zeroise(DK); } /* @@ -522,8 +522,8 @@ void AES_192_Intel::key_schedule(const byte key[], u32bit) */ void AES_192_Intel::clear() { - EK.clear(); - DK.clear(); + zeroise(EK); + zeroise(DK); } /* @@ -772,8 +772,8 @@ void AES_256_Intel::key_schedule(const byte key[], u32bit) */ void AES_256_Intel::clear() { - EK.clear(); - DK.clear(); + zeroise(EK); + zeroise(DK); } } diff --git a/src/block/aes_ssse3/aes_ssse3.h b/src/block/aes_ssse3/aes_ssse3.h index 8087b58a0..babd30509 100644 --- a/src/block/aes_ssse3/aes_ssse3.h +++ b/src/block/aes_ssse3/aes_ssse3.h @@ -21,7 +21,7 @@ class BOTAN_DLL AES_128_SSSE3 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); DK.clear(); } + void clear() { zeroise(EK); zeroise(DK); } std::string name() const { return "AES-128"; } BlockCipher* clone() const { return new AES_128_SSSE3; } @@ -41,7 +41,7 @@ class BOTAN_DLL AES_192_SSSE3 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); DK.clear(); } + void clear() { zeroise(EK); zeroise(DK); } std::string name() const { return "AES-192"; } BlockCipher* clone() const { return new AES_192_SSSE3; } 
@@ -61,7 +61,7 @@ class BOTAN_DLL AES_256_SSSE3 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); DK.clear(); } + void clear() { zeroise(EK); zeroise(DK); } std::string name() const { return "AES-256"; } BlockCipher* clone() const { return new AES_256_SSSE3; } diff --git a/src/block/cast/cast128.h b/src/block/cast/cast128.h index 967e91938..e5d4a884b 100644 --- a/src/block/cast/cast128.h +++ b/src/block/cast/cast128.h @@ -21,7 +21,7 @@ class BOTAN_DLL CAST_128 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { MK.clear(); RK.clear(); } + void clear() { zeroise(MK); zeroise(RK); } std::string name() const { return "CAST-128"; } BlockCipher* clone() const { return new CAST_128; } diff --git a/src/block/cast/cast256.h b/src/block/cast/cast256.h index c4a305671..c9820c1ab 100644 --- a/src/block/cast/cast256.h +++ b/src/block/cast/cast256.h @@ -21,7 +21,7 @@ class BOTAN_DLL CAST_256 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { MK.clear(); RK.clear(); } + void clear() { zeroise(MK); zeroise(RK); } std::string name() const { return "CAST-256"; } BlockCipher* clone() const { return new CAST_256; } diff --git a/src/block/des/des.h b/src/block/des/des.h index 1ae806850..f631986f0 100644 --- a/src/block/des/des.h +++ b/src/block/des/des.h @@ -21,7 +21,7 @@ class BOTAN_DLL DES : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { round_key.clear(); } + void clear() { zeroise(round_key); } std::string name() const { return "DES"; } BlockCipher* clone() const { return new DES; } 
@@ -41,7 +41,7 @@ class BOTAN_DLL TripleDES : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { round_key.clear(); } + void clear() { zeroise(round_key); } std::string name() const { return "TripleDES"; } BlockCipher* clone() const { return new TripleDES; } diff --git a/src/block/des/desx.h b/src/block/des/desx.h index 45a9d8479..007948ba7 100644 --- a/src/block/des/desx.h +++ b/src/block/des/desx.h @@ -21,7 +21,7 @@ class BOTAN_DLL DESX : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { des.clear(); K1.clear(); K2.clear(); } + void clear() { des.clear(); zeroise(K1); zeroise(K2); } std::string name() const { return "DESX"; } BlockCipher* clone() const { return new DESX; } diff --git a/src/block/gost_28147/gost_28147.h b/src/block/gost_28147/gost_28147.h index ec23466f4..9d845ae72 100644 --- a/src/block/gost_28147/gost_28147.h +++ b/src/block/gost_28147/gost_28147.h @@ -55,7 +55,7 @@ class BOTAN_DLL GOST_28147_89 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); } + void clear() { zeroise(EK); } std::string name() const { return "GOST-28147-89"; } BlockCipher* clone() const { return new GOST_28147_89(SBOX); } diff --git a/src/block/idea/idea.h b/src/block/idea/idea.h index aed3be3ea..737970b29 100644 --- a/src/block/idea/idea.h +++ b/src/block/idea/idea.h 
@@ -21,7 +21,7 @@ class BOTAN_DLL IDEA : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); DK.clear(); } + void clear() { zeroise(EK); zeroise(DK); } std::string name() const { return "IDEA"; } BlockCipher* clone() const { return new IDEA; } diff --git a/src/block/kasumi/kasumi.h b/src/block/kasumi/kasumi.h index fda348ef3..f8575c2d2 100644 --- a/src/block/kasumi/kasumi.h +++ b/src/block/kasumi/kasumi.h @@ -21,7 +21,7 @@ class BOTAN_DLL KASUMI : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); } + void clear() { zeroise(EK); } std::string name() const { return "KASUMI"; } BlockCipher* clone() const { return new KASUMI; } diff --git a/src/block/lion/lion.cpp b/src/block/lion/lion.cpp index d8dfd1fcb..45e051ada 100644 --- a/src/block/lion/lion.cpp +++ b/src/block/lion/lion.cpp @@ -99,8 +99,8 @@ void Lion::clear() { hash->clear(); cipher->clear(); - key1.clear(); - key2.clear(); + zeroise(key1); + zeroise(key2); } /* diff --git a/src/block/lubyrack/lubyrack.cpp b/src/block/lubyrack/lubyrack.cpp index bdb26837e..4dd0d5c8a 100644 --- a/src/block/lubyrack/lubyrack.cpp +++ b/src/block/lubyrack/lubyrack.cpp @@ -94,8 +94,8 @@ void LubyRackoff::key_schedule(const byte key[], u32bit length) */ void LubyRackoff::clear() { - K1.clear(); - K2.clear(); + zeroise(K1); + zeroise(K2); hash->clear(); } diff --git a/src/block/mars/mars.h b/src/block/mars/mars.h index f455ec5ca..37501fff1 100644 --- a/src/block/mars/mars.h +++ b/src/block/mars/mars.h 
@@ -21,7 +21,7 @@ class BOTAN_DLL MARS : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); } + void clear() { zeroise(EK); } std::string name() const { return "MARS"; } BlockCipher* clone() const { return new MARS; } diff --git a/src/block/misty1/misty1.h b/src/block/misty1/misty1.h index a9bc12c7b..dbb8e2c45 100644 --- a/src/block/misty1/misty1.h +++ b/src/block/misty1/misty1.h @@ -21,7 +21,7 @@ class BOTAN_DLL MISTY1 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); DK.clear(); } + void clear() { zeroise(EK); zeroise(DK); } std::string name() const { return "MISTY1"; } BlockCipher* clone() const { return new MISTY1; } diff --git a/src/block/noekeon/noekeon.cpp b/src/block/noekeon/noekeon.cpp index 0bfce1882..95178a62b 100644 --- a/src/block/noekeon/noekeon.cpp +++ b/src/block/noekeon/noekeon.cpp @@ -203,8 +203,8 @@ void Noekeon::key_schedule(const byte key[], u32bit) */ void Noekeon::clear() { - EK.clear(); - DK.clear(); + zeroise(EK); + zeroise(DK); } } diff --git a/src/block/rc2/rc2.h b/src/block/rc2/rc2.h index c16680347..e6c900056 100644 --- a/src/block/rc2/rc2.h +++ b/src/block/rc2/rc2.h @@ -28,7 +28,7 @@ class BOTAN_DLL RC2 : public BlockCipher */ static byte EKB_code(u32bit bits); - void clear() { K.clear(); } + void clear() { zeroise(K); } std::string name() const { return "RC2"; } BlockCipher* clone() const { return new RC2; } diff --git a/src/block/rc5/rc5.h b/src/block/rc5/rc5.h index 385c6b2b1..9a794d248 100644 --- a/src/block/rc5/rc5.h +++ b/src/block/rc5/rc5.h 
@@ -21,7 +21,7 @@ class BOTAN_DLL RC5 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { S.clear(); } + void clear() { zeroise(S); } std::string name() const; BlockCipher* clone() const { return new RC5(ROUNDS); } diff --git a/src/block/rc6/rc6.h b/src/block/rc6/rc6.h index 9b2d587fa..02c464c5c 100644 --- a/src/block/rc6/rc6.h +++ b/src/block/rc6/rc6.h @@ -21,7 +21,7 @@ class BOTAN_DLL RC6 : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { S.clear(); } + void clear() { zeroise(S); } std::string name() const { return "RC6"; } BlockCipher* clone() const { return new RC6; } diff --git a/src/block/safer/safer_sk.h b/src/block/safer/safer_sk.h index c93797602..26875c97b 100644 --- a/src/block/safer/safer_sk.h +++ b/src/block/safer/safer_sk.h @@ -21,7 +21,7 @@ class BOTAN_DLL SAFER_SK : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); } + void clear() { zeroise(EK); } std::string name() const; BlockCipher* clone() const; diff --git a/src/block/seed/seed.h b/src/block/seed/seed.h index 0c80199ad..bfc9c7fa1 100644 --- a/src/block/seed/seed.h +++ b/src/block/seed/seed.h @@ -21,7 +21,7 @@ class BOTAN_DLL SEED : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { K.clear(); } + void clear() { zeroise(K); } std::string name() const { return "SEED"; } BlockCipher* clone() const { return new SEED; } diff --git a/src/block/serpent/serpent.h b/src/block/serpent/serpent.h index dc81d4178..56afd3330 100644 --- a/src/block/serpent/serpent.h +++ b/src/block/serpent/serpent.h 
@@ -21,7 +21,7 @@ class BOTAN_DLL Serpent : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { round_key.clear(); } + void clear() { zeroise(round_key); } std::string name() const { return "Serpent"; } BlockCipher* clone() const { return new Serpent; } Serpent() : BlockCipher(16, 16, 32, 8) {} diff --git a/src/block/skipjack/skipjack.cpp b/src/block/skipjack/skipjack.cpp index b23d1e160..dda984e4c 100644 --- a/src/block/skipjack/skipjack.cpp +++ b/src/block/skipjack/skipjack.cpp @@ -189,7 +189,7 @@ void Skipjack::key_schedule(const byte key[], u32bit) */ void Skipjack::clear() { - FTAB.clear(); + zeroise(FTAB); } } diff --git a/src/block/square/square.cpp b/src/block/square/square.cpp index adcf18611..f96162c37 100644 --- a/src/block/square/square.cpp +++ b/src/block/square/square.cpp @@ -206,10 +206,10 @@ void Square::transform(u32bit round_key[4]) */ void Square::clear() { - EK.clear(); - DK.clear(); - ME.clear(); - MD.clear(); + zeroise(EK); + zeroise(DK); + zeroise(ME); + zeroise(MD); } } diff --git a/src/block/tea/tea.h b/src/block/tea/tea.h index 128f42080..6e1c4fafb 100644 --- a/src/block/tea/tea.h +++ b/src/block/tea/tea.h @@ -21,7 +21,7 @@ class BOTAN_DLL TEA : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { K.clear(); } + void clear() { zeroise(K); } std::string name() const { return "TEA"; } BlockCipher* clone() const { return new TEA; } diff --git a/src/block/twofish/twofish.cpp b/src/block/twofish/twofish.cpp index a183821b2..375590af1 100644 --- a/src/block/twofish/twofish.cpp +++ b/src/block/twofish/twofish.cpp 
@@ -220,11 +220,11 @@ void Twofish::rs_mul(byte S[4], byte key, u32bit offset) */ void Twofish::clear() { - SBox0.clear(); - SBox1.clear(); - SBox2.clear(); - SBox3.clear(); - round_key.clear(); + zeroise(SBox0); + zeroise(SBox1); + zeroise(SBox2); + zeroise(SBox3); + zeroise(round_key); } } diff --git a/src/block/xtea/xtea.h b/src/block/xtea/xtea.h index d15108939..d328bf2f0 100644 --- a/src/block/xtea/xtea.h +++ b/src/block/xtea/xtea.h @@ -21,7 +21,7 @@ class BOTAN_DLL XTEA : public BlockCipher void encrypt_n(const byte in[], byte out[], u32bit blocks) const; void decrypt_n(const byte in[], byte out[], u32bit blocks) const; - void clear() { EK.clear(); } + void clear() { zeroise(EK); } std::string name() const { return "XTEA"; } BlockCipher* clone() const { return new XTEA; } diff --git a/src/cms/cms_enc.cpp b/src/cms/cms_enc.cpp index 3437c15e3..ebb89df60 100644 --- a/src/cms/cms_enc.cpp +++ b/src/cms/cms_enc.cpp @@ -46,7 +46,7 @@ SecureVector<byte> CMS_Encoder::get_contents() end_explicit(). end_cons(); - data.clear(); + data.destroy(); return encoder.get_contents(); } diff --git a/src/constructs/aont/package.cpp b/src/constructs/aont/package.cpp index e10087060..1e25a3b24 100644 --- a/src/constructs/aont/package.cpp +++ b/src/constructs/aont/package.cpp @@ -49,7 +49,7 @@ void aont_package(RandomNumberGenerator& rng, u32bit left = std::min<u32bit>(cipher->BLOCK_SIZE, input_len - cipher->BLOCK_SIZE * i); - buf.clear(); + zeroise(buf); copy_mem(&buf[0], output + cipher->BLOCK_SIZE * i, left); for(u32bit j = 0; j != 4; ++j) @@ -95,7 +95,7 @@ void aont_unpackage(BlockCipher* cipher, u32bit left = std::min<u32bit>(cipher->BLOCK_SIZE, input_len - cipher->BLOCK_SIZE * (i+1)); - buf.clear(); + zeroise(buf); copy_mem(&buf[0], input + cipher->BLOCK_SIZE * i, left); for(u32bit j = 0; j != 4; ++j) diff --git a/src/filters/modes/cfb/cfb.cpp b/src/filters/modes/cfb/cfb.cpp index 239b03254..9ec4c5de3 100644 --- a/src/filters/modes/cfb/cfb.cpp 
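Review bot: In `CMS_Encoder::get_contents()` the switch from `data.clear()` to `data.destroy()` replaces an overwrite of the buffer with `resize(0)`, and nothing in this commit shows that shrinking a region wipes the bytes it gives up. If `data` can hold content that should not linger in memory, keep the wipe explicit with `zeroise(data);` immediately before `data.destroy();`. The function body starts outside the hunk, so the sensitivity of `data` cannot be judged from here.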
+++ b/src/filters/modes/cfb/cfb.cpp @@ -58,7 +58,7 @@ void CFB_Encryption::set_iv(const InitializationVector& iv) throw Invalid_IV_Length(name(), iv.length()); state = iv.bits_of(); - buffer.clear(); + zeroise(buffer); position = 0; cipher->encrypt(state, buffer); @@ -135,7 +135,7 @@ void CFB_Decryption::set_iv(const InitializationVector& iv) throw Invalid_IV_Length(name(), iv.length()); state = iv.bits_of(); - buffer.clear(); + zeroise(buffer); position = 0; cipher->encrypt(state, buffer); diff --git a/src/filters/modes/cts/cts.cpp b/src/filters/modes/cts/cts.cpp index 61df8897b..c404d8f33 100644 --- a/src/filters/modes/cts/cts.cpp +++ b/src/filters/modes/cts/cts.cpp @@ -47,7 +47,7 @@ void CTS_Encryption::set_iv(const InitializationVector& iv) throw Invalid_IV_Length(name(), iv.length()); state = iv.bits_of(); - buffer.clear(); + zeroise(buffer); position = 0; } @@ -149,7 +149,7 @@ void CTS_Decryption::set_iv(const InitializationVector& iv) throw Invalid_IV_Length(name(), iv.length()); state = iv.bits_of(); - buffer.clear(); + zeroise(buffer); position = 0; } diff --git a/src/hash/bmw/bmw_512.cpp b/src/hash/bmw/bmw_512.cpp index 5ccb09579..a9b580ca6 100644 --- a/src/hash/bmw/bmw_512.cpp +++ b/src/hash/bmw/bmw_512.cpp @@ -178,8 +178,8 @@ void BMW_512::copy_out(byte output[]) void BMW_512::clear() { MDx_HashFunction::clear(); - M.clear(); - Q.clear(); + zeroise(M); + zeroise(Q); H[ 0] = 0x8081828384858687; H[ 1] = 0x88898A8B8C8D8E8F; diff --git a/src/hash/gost_3411/gost_3411.cpp b/src/hash/gost_3411/gost_3411.cpp index f09b0fc60..7e6fd8fac 100644 --- a/src/hash/gost_3411/gost_3411.cpp +++ b/src/hash/gost_3411/gost_3411.cpp @@ -26,8 +26,8 @@ GOST_34_11::GOST_34_11() : void GOST_34_11::clear() { cipher.clear(); - sum.clear(); - hash.clear(); + zeroise(sum); + zeroise(hash); count = 0; position = 0; } diff --git a/src/hash/has160/has160.cpp b/src/hash/has160/has160.cpp index d245a0249..fd39e7ea0 100644 --- a/src/hash/has160/has160.cpp +++ b/src/hash/has160/has160.cpp 
@@ -154,7 +154,7 @@ void HAS_160::copy_out(byte output[]) void HAS_160::clear() { MDx_HashFunction::clear(); - X.clear(); + zeroise(X); digest[0] = 0x67452301; digest[1] = 0xEFCDAB89; digest[2] = 0x98BADCFE; diff --git a/src/hash/md2/md2.cpp b/src/hash/md2/md2.cpp index 7d0ab0ab0..b3ccae6df 100644 --- a/src/hash/md2/md2.cpp +++ b/src/hash/md2/md2.cpp @@ -99,9 +99,9 @@ void MD2::final_result(byte output[]) */ void MD2::clear() { - X.clear(); - checksum.clear(); - buffer.clear(); + zeroise(X); + zeroise(checksum); + zeroise(buffer); position = 0; } diff --git a/src/hash/md4/md4.cpp b/src/hash/md4/md4.cpp index f573dae25..edba1d08a 100644 --- a/src/hash/md4/md4.cpp +++ b/src/hash/md4/md4.cpp @@ -104,7 +104,7 @@ void MD4::copy_out(byte output[]) void MD4::clear() { MDx_HashFunction::clear(); - M.clear(); + zeroise(M); digest[0] = 0x67452301; digest[1] = 0xEFCDAB89; digest[2] = 0x98BADCFE; diff --git a/src/hash/md5/md5.cpp b/src/hash/md5/md5.cpp index 8c1e5a8e1..104155e9d 100644 --- a/src/hash/md5/md5.cpp +++ b/src/hash/md5/md5.cpp @@ -126,7 +126,7 @@ void MD5::copy_out(byte output[]) void MD5::clear() { MDx_HashFunction::clear(); - M.clear(); + zeroise(M); digest[0] = 0x67452301; digest[1] = 0xEFCDAB89; digest[2] = 0x98BADCFE; diff --git a/src/hash/mdx_hash/mdx_hash.cpp b/src/hash/mdx_hash/mdx_hash.cpp index bf571076e..ffca0d93b 100644 --- a/src/hash/mdx_hash/mdx_hash.cpp +++ b/src/hash/mdx_hash/mdx_hash.cpp @@ -30,7 +30,7 @@ MDx_HashFunction::MDx_HashFunction(u32bit hash_len, u32bit block_len, */ void MDx_HashFunction::clear() { - buffer.clear(); + zeroise(buffer); count = position = 0; } @@ -76,7 +76,7 @@ void MDx_HashFunction::final_result(byte output[]) if(position >= HASH_BLOCK_SIZE - COUNT_SIZE) { compress_n(buffer, 1); - buffer.clear(); + zeroise(buffer); } write_count(buffer + HASH_BLOCK_SIZE - COUNT_SIZE); diff --git a/src/hash/rmd128/rmd128.cpp b/src/hash/rmd128/rmd128.cpp index 51e416eb1..9e0f6701e 100644 --- a/src/hash/rmd128/rmd128.cpp 
+++ b/src/hash/rmd128/rmd128.cpp @@ -166,7 +166,7 @@ void RIPEMD_128::copy_out(byte output[]) void RIPEMD_128::clear() { MDx_HashFunction::clear(); - M.clear(); + zeroise(M); digest[0] = 0x67452301; digest[1] = 0xEFCDAB89; digest[2] = 0x98BADCFE; diff --git a/src/hash/rmd160/rmd160.cpp b/src/hash/rmd160/rmd160.cpp index 5237f1e12..4975814f4 100644 --- a/src/hash/rmd160/rmd160.cpp +++ b/src/hash/rmd160/rmd160.cpp @@ -199,7 +199,7 @@ void RIPEMD_160::copy_out(byte output[]) void RIPEMD_160::clear() { MDx_HashFunction::clear(); - M.clear(); + zeroise(M); digest[0] = 0x67452301; digest[1] = 0xEFCDAB89; digest[2] = 0x98BADCFE; diff --git a/src/hash/sha1/sha160.cpp b/src/hash/sha1/sha160.cpp index 1ad08d483..1e57f0cf4 100644 --- a/src/hash/sha1/sha160.cpp +++ b/src/hash/sha1/sha160.cpp @@ -144,7 +144,7 @@ void SHA_160::copy_out(byte output[]) void SHA_160::clear() { MDx_HashFunction::clear(); - W.clear(); + zeroise(W); digest[0] = 0x67452301; digest[1] = 0xEFCDAB89; digest[2] = 0x98BADCFE; diff --git a/src/hash/sha2/sha2_32.cpp b/src/hash/sha2/sha2_32.cpp index 4315e10d6..a18a4d8c4 100644 --- a/src/hash/sha2/sha2_32.cpp +++ b/src/hash/sha2/sha2_32.cpp @@ -181,7 +181,7 @@ void SHA_224::copy_out(byte output[]) void SHA_224::clear() { MDx_HashFunction::clear(); - W.clear(); + zeroise(W); digest[0] = 0xC1059ED8; digest[1] = 0x367CD507; digest[2] = 0x3070DD17; @@ -215,7 +215,7 @@ void SHA_256::copy_out(byte output[]) void SHA_256::clear() { MDx_HashFunction::clear(); - W.clear(); + zeroise(W); digest[0] = 0x6A09E667; digest[1] = 0xBB67AE85; digest[2] = 0x3C6EF372; diff --git a/src/hash/sha2/sha2_64.cpp b/src/hash/sha2/sha2_64.cpp index 10fe81a5e..aecf9a0db 100644 --- a/src/hash/sha2/sha2_64.cpp +++ b/src/hash/sha2/sha2_64.cpp @@ -188,7 +188,7 @@ void SHA_384::copy_out(byte output[]) void SHA_384::clear() { MDx_HashFunction::clear(); - W.clear(); + zeroise(W); digest[0] = 0xCBBB9D5DC1059ED8; digest[1] = 0x629A292A367CD507; digest[2] = 0x9159015A3070DD17; 
@@ -222,7 +222,7 @@ void SHA_512::copy_out(byte output[]) void SHA_512::clear() { MDx_HashFunction::clear(); - W.clear(); + zeroise(W); digest[0] = 0x6A09E667F3BCC908; digest[1] = 0xBB67AE8584CAA73B; digest[2] = 0x3C6EF372FE94F82B; diff --git a/src/hash/skein/skein_512.cpp b/src/hash/skein/skein_512.cpp index 4d7717ef4..1fdd9fbf6 100644 --- a/src/hash/skein/skein_512.cpp +++ b/src/hash/skein/skein_512.cpp @@ -186,9 +186,9 @@ HashFunction* Skein_512::clone() const void Skein_512::clear() { - H.clear(); - T.clear(); - buffer.clear(); + zeroise(H); + zeroise(T); + zeroise(buffer); buf_pos = 0; } diff --git a/src/hash/tiger/tiger.cpp b/src/hash/tiger/tiger.cpp index 3013ab38e..1812abf12 100644 --- a/src/hash/tiger/tiger.cpp +++ b/src/hash/tiger/tiger.cpp @@ -136,7 +136,7 @@ void Tiger::pass(u64bit& A, u64bit& B, u64bit& C, u64bit X[8], byte mul) void Tiger::clear() { MDx_HashFunction::clear(); - X.clear(); + zeroise(X); digest[0] = 0x0123456789ABCDEF; digest[1] = 0xFEDCBA9876543210; digest[2] = 0xF096A5B4C3B2E187; diff --git a/src/hash/whirlpool/whrlpool.cpp b/src/hash/whirlpool/whrlpool.cpp index 06755fe77..6f62695c8 100644 --- a/src/hash/whirlpool/whrlpool.cpp +++ b/src/hash/whirlpool/whrlpool.cpp @@ -139,8 +139,8 @@ void Whirlpool::copy_out(byte output[]) void Whirlpool::clear() { MDx_HashFunction::clear(); - M.clear(); - digest.clear(); + zeroise(M); + zeroise(digest); } } diff --git a/src/mac/cbc_mac/cbc_mac.cpp b/src/mac/cbc_mac/cbc_mac.cpp index 6a0692580..206bce55c 100644 --- a/src/mac/cbc_mac/cbc_mac.cpp +++ b/src/mac/cbc_mac/cbc_mac.cpp @@ -47,7 +47,7 @@ void CBC_MAC::final_result(byte mac[]) e->encrypt(state); copy_mem(mac, state.begin(), state.size()); - state.clear(); + zeroise(state); position = 0; } @@ -65,7 +65,7 @@ void CBC_MAC::key_schedule(const byte key[], u32bit length) void CBC_MAC::clear() { e->clear(); - state.clear(); + zeroise(state); position = 0; } diff --git a/src/mac/cmac/cmac.cpp b/src/mac/cmac/cmac.cpp index 05c5f4a88..38b62c6cb 100644 
--- a/src/mac/cmac/cmac.cpp +++ b/src/mac/cmac/cmac.cpp @@ -81,8 +81,8 @@ void CMAC::final_result(byte mac[]) for(u32bit j = 0; j != OUTPUT_LENGTH; ++j) mac[j] = state[j]; - state.clear(); - buffer.clear(); + zeroise(state); + zeroise(buffer); position = 0; } @@ -104,10 +104,10 @@ void CMAC::key_schedule(const byte key[], u32bit length) void CMAC::clear() { e->clear(); - state.clear(); - buffer.clear(); - B.clear(); - P.clear(); + zeroise(state); + zeroise(buffer); + zeroise(B); + zeroise(P); position = 0; } diff --git a/src/mac/hmac/hmac.cpp b/src/mac/hmac/hmac.cpp index 0d5c99702..1ad9487b4 100644 --- a/src/mac/hmac/hmac.cpp +++ b/src/mac/hmac/hmac.cpp @@ -61,8 +61,8 @@ void HMAC::key_schedule(const byte key[], u32bit length) void HMAC::clear() { hash->clear(); - i_key.clear(); - o_key.clear(); + zeroise(i_key); + zeroise(o_key); } /* diff --git a/src/mac/ssl3mac/ssl3_mac.cpp b/src/mac/ssl3mac/ssl3_mac.cpp index a4c0c635e..781cb7f27 100644 --- a/src/mac/ssl3mac/ssl3_mac.cpp +++ b/src/mac/ssl3mac/ssl3_mac.cpp @@ -49,8 +49,8 @@ void SSL3_MAC::key_schedule(const byte key[], u32bit length) void SSL3_MAC::clear() { hash->clear(); - i_key.clear(); - o_key.clear(); + zeroise(i_key); + zeroise(o_key); } /* diff --git a/src/mac/x919_mac/x919_mac.cpp b/src/mac/x919_mac/x919_mac.cpp index 42e039d60..f0c2419fa 100644 --- a/src/mac/x919_mac/x919_mac.cpp +++ b/src/mac/x919_mac/x919_mac.cpp @@ -46,7 +46,7 @@ void ANSI_X919_MAC::final_result(byte mac[]) e->encrypt(state); d->decrypt(state, mac); e->encrypt(mac); - state.clear(); + zeroise(state); position = 0; } @@ -67,7 +67,7 @@ void ANSI_X919_MAC::clear() { e->clear(); d->clear(); - state.clear(); + zeroise(state); position = 0; } diff --git a/src/math/bigint/big_ops2.cpp b/src/math/bigint/big_ops2.cpp index cc50c26e5..193c00e32 100644 --- a/src/math/bigint/big_ops2.cpp +++ b/src/math/bigint/big_ops2.cpp 
@@ -37,7 +37,7 @@ BigInt& BigInt::operator+=(const BigInt& y) } else if(relative_size == 0) { - get_reg().clear(); + zeroise(reg); set_sign(Positive); } else if(relative_size > 0) @@ -72,7 +72,7 @@ BigInt& BigInt::operator-=(const BigInt& y) { if(sign() == y.sign()) { - get_reg().clear(); + clear(); set_sign(Positive); } else @@ -99,7 +99,7 @@ BigInt& BigInt::operator*=(const BigInt& y) if(x_sw == 0 || y_sw == 0) { - get_reg().clear(); + clear(); set_sign(Positive); } else if(x_sw == 1 && y_sw) diff --git a/src/math/bigint/bigint.cpp b/src/math/bigint/bigint.cpp index 1ae8be130..2ac387a97 100644 --- a/src/math/bigint/bigint.cpp +++ b/src/math/bigint/bigint.cpp @@ -348,7 +348,7 @@ void BigInt::binary_decode(const byte buf[], u32bit length) { const u32bit WORD_BYTES = sizeof(word); - reg.clear(); + clear(); reg.resize(round_up<u32bit>((length / WORD_BYTES) + 1, 8)); for(u32bit j = 0; j != length / WORD_BYTES; ++j) diff --git a/src/math/bigint/bigint.h b/src/math/bigint/bigint.h index 64bf20068..9ce71aeca 100644 --- a/src/math/bigint/bigint.h +++ b/src/math/bigint/bigint.h @@ -140,7 +140,7 @@ class BOTAN_DLL BigInt /** * Zeroize the BigInt */ - void clear() { get_reg().clear(); } + void clear() { zeroise(reg); } /** * Compare this to another BigInt diff --git a/src/math/numbertheory/point_gfp.cpp b/src/math/numbertheory/point_gfp.cpp index 6e62a9a13..93e3392ea 100644 --- a/src/math/numbertheory/point_gfp.cpp +++ b/src/math/numbertheory/point_gfp.cpp @@ -46,7 +46,7 @@ void PointGFp::monty_mult(BigInt& z, const u32bit p_size = curve.get_p_words(); const word p_dash = curve.get_p_dash(); - workspace.clear(); + zeroise(workspace); bigint_mul(workspace, workspace.size(), 0, x.data(), x.size(), x.sig_words(), 
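Review bot: `BigInt::operator+=` now calls `zeroise(reg)` directly, while `operator-=` and `operator*=` in the same file call `clear()`, which `bigint.h` defines in this commit as `zeroise(reg)`. Using `clear();` in all three keeps the zeroing policy for a `BigInt` in one place, so a later change to how the register is wiped cannot miss one operator. The operator bodies extend beyond these hunks.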
@@ -73,7 +73,7 @@ void PointGFp::monty_sqr(BigInt& z, const BigInt& x, const u32bit p_size = curve.get_p_words(); const word p_dash = curve.get_p_dash(); - workspace.clear(); + zeroise(workspace); bigint_sqr(workspace, workspace.size(), 0, x.data(), x.size(), x.sig_words()); diff --git a/src/math/numbertheory/powm_mnt.cpp b/src/math/numbertheory/powm_mnt.cpp index cce142020..80582eaa8 100644 --- a/src/math/numbertheory/powm_mnt.cpp +++ b/src/math/numbertheory/powm_mnt.cpp @@ -66,7 +66,7 @@ void Montgomery_Exponentiator::set_base(const BigInt& base) const BigInt& y = g[j-1]; const u32bit y_sig = y.sig_words(); - z.clear(); + zeroise(z); bigint_mul(z.begin(), z.size(), workspace, x.data(), x.size(), x_sig, y.data(), y.size(), y_sig); @@ -90,7 +90,7 @@ BigInt Montgomery_Exponentiator::execute() const { for(u32bit k = 0; k != window_bits; ++k) { - z.clear(); + zeroise(z); bigint_sqr(z.begin(), z.size(), workspace, x.data(), x.size(), x.sig_words()); @@ -102,7 +102,7 @@ BigInt Montgomery_Exponentiator::execute() const { const BigInt& y = g[nibble-1]; - z.clear(); + zeroise(z); bigint_mul(z.begin(), z.size(), workspace, x.data(), x.size(), x.sig_words(), y.data(), y.size(), y.sig_words()); @@ -111,7 +111,7 @@ BigInt Montgomery_Exponentiator::execute() const } } - z.clear(); + zeroise(z); z.copy(x.data(), x.size()); montgomery_reduce(x, z, modulus, mod_words, mod_prime); diff --git a/src/pk_pad/eme1/eme1.cpp b/src/pk_pad/eme1/eme1.cpp index 9eab16d6c..84fcf4b83 100644 --- a/src/pk_pad/eme1/eme1.cpp +++ b/src/pk_pad/eme1/eme1.cpp @@ -26,8 +26,6 @@ SecureVector<byte> EME1::pad(const byte in[], u32bit in_length, SecureVector<byte> out(key_length); - out.clear(); - rng.randomize(out, HASH_LENGTH); out.copy(HASH_LENGTH, Phash, Phash.size()); diff --git a/src/pk_pad/emsa3/emsa3.cpp b/src/pk_pad/emsa3/emsa3.cpp index 82981d38c..aa1b85f05 100644 --- a/src/pk_pad/emsa3/emsa3.cpp +++ b/src/pk_pad/emsa3/emsa3.cpp 
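Review bot: Removing `out.clear()` from `EME1::pad` makes the padding depend on `SecureVector<byte> out(key_length)` being zero-filled by its constructor, which this commit does not show. The visible lines write only the first `HASH_LENGTH` bytes and the `Phash` copy, so any byte not overwritten later must already be zero for the encoded block to be well-formed and free of stale memory. If the constructor guarantees that, record it with a comment such as `// out is zero-initialised by the SecureVector constructor`; otherwise keep `zeroise(out);` here. The function continues past the hunk.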
@@ -117,8 +117,8 @@ void EMSA3_Raw::update(const byte input[], u32bit length) */ SecureVector<byte> EMSA3_Raw::raw_data() { - SecureVector<byte> ret = message; - message.clear(); + SecureVector<byte> ret; + std::swap(ret, message); return ret; } diff --git a/src/rng/hmac_rng/hmac_rng.cpp b/src/rng/hmac_rng/hmac_rng.cpp index fbfa87f70..b9bd65ae1 100644 --- a/src/rng/hmac_rng/hmac_rng.cpp +++ b/src/rng/hmac_rng/hmac_rng.cpp @@ -107,7 +107,7 @@ void HMAC_RNG::reseed(u32bit poll_bits) extractor->set_key(K, K.size()); // Reset state - K.clear(); + zeroise(K); counter = 0; user_input_len = 0; @@ -147,7 +147,7 @@ void HMAC_RNG::clear() { extractor->clear(); prf->clear(); - K.clear(); + zeroise(K); counter = 0; user_input_len = 0; seeded = false; diff --git a/src/rng/randpool/randpool.cpp b/src/rng/randpool/randpool.cpp index c3e496638..fb8dfcd09 100644 --- a/src/rng/randpool/randpool.cpp +++ b/src/rng/randpool/randpool.cpp @@ -149,9 +149,9 @@ void Randpool::clear() { cipher->clear(); mac->clear(); - pool.clear(); - buffer.clear(); - counter.clear(); + zeroise(pool); + zeroise(buffer); + zeroise(counter); seeded = false; } diff --git a/src/rng/x931_rng/x931_rng.cpp b/src/rng/x931_rng/x931_rng.cpp index f812377ed..4a06fca39 100644 --- a/src/rng/x931_rng/x931_rng.cpp +++ b/src/rng/x931_rng/x931_rng.cpp @@ -112,7 +112,7 @@ void ANSI_X931_RNG::clear() { cipher->clear(); prng->clear(); - R.clear(); + zeroise(R); V.destroy(); position = 0; diff --git a/src/ssl/rec_read.cpp b/src/ssl/rec_read.cpp index 3c008641d..895026431 100644 --- a/src/ssl/rec_read.cpp +++ b/src/ssl/rec_read.cpp @@ -244,7 +244,9 @@ u32bit Record_Reader::get_record(byte& msg_type, throw TLS_Exception(BAD_RECORD_MAC, "Record_Reader: MAC failure"); msg_type = header[0]; - output.set(&plaintext[iv_size], plain_length); + + output.resize(plain_length); + copy_mem(&output[0], &plaintext[iv_size], plain_length); return 0; } diff --git a/src/ssl/rec_wri.cpp b/src/ssl/rec_wri.cpp index d5358f4c3..40dd45219 100644 
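Review bot: `std::swap(ret, message)` in `EMSA3_Raw::raw_data` changes what is left behind in `message`, and that deserves a comment. The old code left a zero-filled buffer of the same length, whereas after the swap `message` is empty. That is presumably what the next `update()` wants, e.g. `// hand the accumulated input to the caller and leave message empty`. Separately, unless a swap overload for `SecureVector` is declared elsewhere (none is visible here), the generic `std::swap` copies through a temporary, so the buffer is duplicated rather than exchanged. If the class has its own swap, calling that would avoid the copies.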
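Review bot: In `Record_Reader::get_record` the new copy evaluates `&output[0]` and `&plaintext[iv_size]` even when `plain_length` is 0, i.e. right after `output.resize(0)`. Whether `operator[]` tolerates an index at the end of an empty buffer is not shown here, and the removed `output.set(...)` never indexed `output`. If a record with an empty payload can reach this point, guard the copy: `if(plain_length) copy_mem(&output[0], &plaintext[iv_size], plain_length);`. The function body starts outside the hunk, so an earlier length check may already rule this out; if so, a short comment saying that would help.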
--- a/src/ssl/rec_wri.cpp +++ b/src/ssl/rec_wri.cpp @@ -30,7 +30,7 @@ void Record_Writer::reset() cipher.reset(); mac.reset(); - buffer.clear(); + zeroise(buffer); buf_pos = 0; major = minor = buf_type = 0; diff --git a/src/stream/arc4/arc4.cpp b/src/stream/arc4/arc4.cpp index 1c89379ba..a3a2f9a65 100644 --- a/src/stream/arc4/arc4.cpp +++ b/src/stream/arc4/arc4.cpp @@ -89,8 +89,8 @@ std::string ARC4::name() const */ void ARC4::clear() { - state.clear(); - buffer.clear(); + zeroise(state); + zeroise(buffer); position = X = Y = 0; } diff --git a/src/stream/ctr/ctr.cpp b/src/stream/ctr/ctr.cpp index 8a24cd4d0..cd1b1b7fb 100644 --- a/src/stream/ctr/ctr.cpp +++ b/src/stream/ctr/ctr.cpp @@ -40,8 +40,8 @@ CTR_BE::~CTR_BE() void CTR_BE::clear() { permutation->clear(); - buffer.clear(); - counter.clear(); + zeroise(buffer); + zeroise(counter); position = 0; } @@ -91,7 +91,7 @@ void CTR_BE::set_iv(const byte iv[], u32bit iv_len) const u32bit BLOCK_SIZE = permutation->BLOCK_SIZE; - counter.clear(); + zeroise(counter); counter.copy(0, iv, iv_len); diff --git a/src/stream/ofb/ofb.cpp b/src/stream/ofb/ofb.cpp index cfa035a4f..332673153 100644 --- a/src/stream/ofb/ofb.cpp +++ b/src/stream/ofb/ofb.cpp @@ -38,7 +38,7 @@ OFB::~OFB() void OFB::clear() { permutation->clear(); - buffer.clear(); + zeroise(buffer); position = 0; } @@ -87,7 +87,7 @@ void OFB::set_iv(const byte iv[], u32bit iv_len) if(!valid_iv_length(iv_len)) throw Invalid_IV_Length(name(), iv_len); - buffer.clear(); + zeroise(buffer); buffer.copy(0, iv, iv_len); permutation->encrypt(buffer); diff --git a/src/stream/salsa20/salsa20.cpp b/src/stream/salsa20/salsa20.cpp index a38e6e305..c52e305d1 100644 --- a/src/stream/salsa20/salsa20.cpp +++ b/src/stream/salsa20/salsa20.cpp @@ -232,8 +232,8 @@ std::string Salsa20::name() const */ void Salsa20::clear() { - state.clear(); - buffer.clear(); + zeroise(state); + zeroise(buffer); position = 0; } 
diff --git a/src/stream/turing/turing.cpp b/src/stream/turing/turing.cpp index 159c262fd..bfb2166d8 100644 --- a/src/stream/turing/turing.cpp +++ b/src/stream/turing/turing.cpp @@ -300,12 +300,12 @@ void Turing::set_iv(const byte iv[], u32bit length) */ void Turing::clear() { - S0.clear(); - S1.clear(); - S2.clear(); - S3.clear(); + zeroise(S0); + zeroise(S1); + zeroise(S2); + zeroise(S3); - buffer.clear(); + zeroise(buffer); position = 0; } diff --git a/src/stream/wid_wake/wid_wake.cpp b/src/stream/wid_wake/wid_wake.cpp index 225ccf9a6..f5897f1cc 100644 --- a/src/stream/wid_wake/wid_wake.cpp +++ b/src/stream/wid_wake/wid_wake.cpp @@ -139,10 +139,10 @@ void WiderWake_41_BE::set_iv(const byte iv[], u32bit length) void WiderWake_41_BE::clear() { position = 0; - t_key.clear(); - state.clear(); - T.clear(); - buffer.clear(); + zeroise(t_key); + zeroise(state); + zeroise(T); + zeroise(buffer); } } diff --git a/src/sym_algo/symkey.cpp b/src/sym_algo/symkey.cpp index bf2b705d3..a04f29181 100644 --- a/src/sym_algo/symkey.cpp +++ b/src/sym_algo/symkey.cpp @@ -91,7 +91,7 @@ std::string OctetString::as_string() const */ OctetString& OctetString::operator^=(const OctetString& k) { - if(&k == this) { bits.clear(); return (*this); } + if(&k == this) { zeroise(bits); return (*this); } xor_buf(bits.begin(), k.begin(), std::min(length(), k.length())); return (*this); } |