Use plain memset() for freshly allocated objects
This commit reverts to plain memset() for cases like:
some_type foo;
memset( &foo, 0, sizeof( foo ) );
(Sometimes there is code between the declaration and the memset(), but it doesn't
matter as long as it doesn't touch foo.)
The reasoning is the same as in the previous commit: the stack shouldn't
contain sensitive data as we carefully wipe it after use.
diff --git a/library/asn1parse.c b/library/asn1parse.c
index ac3943a..990ae38 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -391,7 +391,7 @@
int ret;
mbedtls_asn1_buf params;
- mbedtls_platform_memset( ¶ms, 0, sizeof(mbedtls_asn1_buf) );
+ memset( ¶ms, 0, sizeof(mbedtls_asn1_buf) );
if( ( ret = mbedtls_asn1_get_alg( p, end, alg, ¶ms ) ) != 0 )
return( ret );
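Review bot: The size passed to the new `memset()` is spelled as the type, `sizeof(mbedtls_asn1_buf)`, rather than the object being cleared, so the two can drift apart if the declaration of `params` ever changes. Since the line is being touched anyway, `memset( &params, 0, sizeof( params ) );` would match the `sizeof( foo )` form the commit message itself gives as the pattern. The library/x509_crt.c hunk has the same shape with `sizeof( mbedtls_x509_crt_sig_info )` and could become `sizeof( sig_info )`. The enclosing function starts and ends outside the hunk.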
diff --git a/library/ccm.c b/library/ccm.c
index 9258082..f6a751c 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -211,7 +211,7 @@
/* Start CBC-MAC with first block */
- mbedtls_platform_memset( y, 0, 16 );
+ memset( y, 0, 16 );
UPDATE_CBC_MAC;
/*
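Review bot: This `memset( y, 0, 16 )` is not quite the case the commit message describes. Judging by the comment above it and the `UPDATE_CBC_MAC` that follows, `y` looks like the CBC-MAC chaining value, so the zeroing is the MAC's required starting state rather than the clearing of a fresh stack object. Plain `memset()` is reasonable here on confidentiality grounds, but the reason is worth recording so a later reader does not mistake it for an overlooked wipe, e.g. `/* Initialisation of the CBC-MAC state, not a wipe: plain memset() is intended */`. If `y` is a local array in this function, `sizeof( y )` would also be safer than the literal `16`; its declaration is outside the hunk, so this needs checking.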
diff --git a/library/entropy.c b/library/entropy.c
index 8f28733..281ed23 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -370,7 +370,7 @@
}
while( ! done );
- mbedtls_platform_memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
+ memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
/*
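Review bot: The commit message's premise that nothing touches the object between its declaration and the `memset()` cannot be confirmed from this hunk, because the call follows the end of a `while( ! done )` loop whose body is not shown. If `buf` is indeed untouched until here, a short comment such as `/* buf is not written before this point; initialisation only */` would record why the plain call is acceptable. The same applies to `seed` in the library/hmac_drbg.c hunk, which follows two closing braces and is about to receive entropy. The wipe of both buffers after use lies outside the hunks and should remain the careful wipe the commit message relies on.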
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index 9d26a73..03c7d67 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -178,7 +178,7 @@
}
}
- mbedtls_platform_memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT );
+ memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT );
/* IV. Gather entropy_len bytes of entropy for the seed */
if( ( ret = ctx->f_entropy( ctx->p_entropy,
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ddc58a4..e9102a7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3376,7 +3376,7 @@
const size_t max_len = rec->data_len + padlen;
const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0;
- mbedtls_platform_memset( tmp, 0, sizeof( tmp ) );
+ memset( tmp, 0, sizeof( tmp ) );
switch( mbedtls_md_get_type(
mbedtls_md_get_handle( &transform->md_ctx_dec ) ) )
diff --git a/library/x509.c b/library/x509.c
index 33dc0b9..4b34486 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -943,7 +943,7 @@
const char *short_name = NULL;
char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
- mbedtls_platform_memset( s, 0, sizeof( s ) );
+ memset( s, 0, sizeof( s ) );
name = dn;
p = buf;
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 5919303..b7d1036 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2271,7 +2271,7 @@
p = buf;
n = size;
- mbedtls_platform_memset( &sig_info, 0, sizeof( mbedtls_x509_crt_sig_info ) );
+ memset( &sig_info, 0, sizeof( mbedtls_x509_crt_sig_info ) );
mbedtls_pk_init( &pk );
if( NULL == crt )