authorFabio Alessandrelli <fabio.alessandrelli@gmail.com>2020-06-07 17:27:22 +0200
committerFabio Alessandrelli <fabio.alessandrelli@gmail.com>2020-06-18 15:26:01 +0200
commitf03b7f3d7addca3d814fef7c9e693d0485b619ec (patch)
treeac34aeab4cb910c18103b43b6bdd9bce60b76401 /modules/mbedtls
parent4e0f31a67cb757f95a658a02ac28afcdda40b299 (diff)
Better zeroizing in CryptoKey.
Small code cleanup (after PoolByteArray change).
Diffstat (limited to 'modules/mbedtls')
-rw-r--r--modules/mbedtls/crypto_mbedtls.cpp23
1 files changed, 8 insertions, 15 deletions
diff --git a/modules/mbedtls/crypto_mbedtls.cpp b/modules/mbedtls/crypto_mbedtls.cpp
index 1f9d8c2aa3..fbb3a39eed 100644
--- a/modules/mbedtls/crypto_mbedtls.cpp
+++ b/modules/mbedtls/crypto_mbedtls.cpp
@@ -59,11 +59,8 @@ Error CryptoKeyMbedTLS::load(String p_path) {
int flen = f->get_len();
out.resize(flen + 1);
- {
- uint8_t *w = out.ptrw();
- f->get_buffer(w, flen);
- w[flen] = 0; //end f string
- }
+ f->get_buffer(out.ptrw(), flen);
+ out.write[flen] = 0; // string terminator
memdelete(f);
int ret = mbedtls_pk_parse_key(&pkey, out.ptr(), out.size(), nullptr, 0);
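Review bot: The byte count from `f->get_buffer(out.ptrw(), flen)` is discarded, so a truncated read goes unnoticed and `mbedtls_pk_parse_key` is still handed `out.size()` bytes whose tail never came from the file. Assuming get_buffer reports the number of bytes read, keep it with `const int got = f->get_buffer(out.ptrw(), flen);` and, after `memdelete(f);`, fail with `ERR_FAIL_COND_V(got != flen, ERR_FILE_CANT_READ);`, wiping `out` first because it may already hold part of the key. `int flen = f->get_len();` also deserves a range check if get_len() returns a wider type than int. The same unchecked read is in the X509CertificateMbedTLS::load hunk further down; both function bodies start and end outside their hunks.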
@@ -84,14 +81,14 @@ Error CryptoKeyMbedTLS::save(String p_path) {
int ret = mbedtls_pk_write_key_pem(&pkey, w, sizeof(w));
if (ret != 0) {
memdelete(f);
- memset(w, 0, sizeof(w)); // Zeroize anything we might have written.
+ mbedtls_platform_zeroize(w, sizeof(w)); // Zeroize anything we might have written.
ERR_FAIL_V_MSG(FAILED, "Error writing key '" + itos(ret) + "'.");
}
size_t len = strlen((char *)w);
f->store_buffer(w, len);
memdelete(f);
- memset(w, 0, sizeof(w)); // Zeroize temporary buffer.
+ mbedtls_platform_zeroize(w, sizeof(w)); // Zeroize temporary buffer.
return OK;
}
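Review bot: Neither `mbedtls_platform_zeroize(w, sizeof(w));` line records why plain memset was not enough, so a later cleanup could switch it back without anyone noticing the regression. I would extend the first comment to something like `// Not memset(): a store to a buffer that is about to go out of scope may be optimized away.` and let the second one refer to it. The wipe is also repeated by hand on both exit paths, so any return added later between `mbedtls_pk_write_key_pem` and `return OK;` has to remember it too. The declaration of `w` and the start of save() are outside the hunk.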
@@ -108,11 +105,8 @@ Error X509CertificateMbedTLS::load(String p_path) {
int flen = f->get_len();
out.resize(flen + 1);
- {
- uint8_t *w = out.ptrw();
- f->get_buffer(w, flen);
- w[flen] = 0; //end f string
- }
+ f->get_buffer(out.ptrw(), flen);
+ out.write[flen] = 0; // string terminator
memdelete(f);
int ret = mbedtls_x509_crt_parse(&cert, out.ptr(), out.size());
@@ -211,9 +205,8 @@ void CryptoMbedTLS::load_default_certificates(String p_path) {
// Use builtin certs only if user did not override it in project settings.
PackedByteArray out;
out.resize(_certs_uncompressed_size + 1);
- uint8_t *w = out.ptrw();
- Compression::decompress(w, _certs_uncompressed_size, _certs_compressed, _certs_compressed_size, Compression::MODE_DEFLATE);
- w[_certs_uncompressed_size] = 0; // Make sure it ends with string terminator
+ Compression::decompress(out.ptrw(), _certs_uncompressed_size, _certs_compressed, _certs_compressed_size, Compression::MODE_DEFLATE);
+ out.write[_certs_uncompressed_size] = 0; // Make sure it ends with string terminator
#ifdef DEBUG_ENABLED
print_verbose("Loaded builtin certs");
#endif
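Review bot: The result of `Compression::decompress(out.ptrw(), _certs_uncompressed_size, ...)` is ignored, so a failed or short inflate still gets a terminator written and, with DEBUG_ENABLED, logs "Loaded builtin certs" as if the bundle were complete. If decompress returns the decompressed size (its declaration is not visible here), capture it and guard with `ERR_FAIL_COND_MSG(got != _certs_uncompressed_size, "Failed to decompress builtin certificates.");` before `out.write[_certs_uncompressed_size] = 0;`. The data is compiled in, so this mainly catches a broken build rather than hostile input, but it keeps a partial trust store from being parsed silently. The code that consumes `out` is outside the hunk.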