From f03b7f3d7addca3d814fef7c9e693d0485b619ec Mon Sep 17 00:00:00 2001
From: Fabio Alessandrelli <fabio.alessandrelli@gmail.com>
Date: Sun, 7 Jun 2020 17:27:22 +0200
Subject: Better zeroizing in CryptoKey.

Small code clenup (after PoolByteArray change).
---
 modules/mbedtls/crypto_mbedtls.cpp | 23 ++++++++---------------
 1 file changed, 8 insertions(+), 15 deletions(-)

(limited to 'modules/mbedtls')

diff --git a/modules/mbedtls/crypto_mbedtls.cpp b/modules/mbedtls/crypto_mbedtls.cpp
index 1f9d8c2aa3..fbb3a39eed 100644
--- a/modules/mbedtls/crypto_mbedtls.cpp
+++ b/modules/mbedtls/crypto_mbedtls.cpp
@@ -59,11 +59,8 @@ Error CryptoKeyMbedTLS::load(String p_path) {
 
 	int flen = f->get_len();
 	out.resize(flen + 1);
-	{
-		uint8_t *w = out.ptrw();
-		f->get_buffer(w, flen);
-		w[flen] = 0; //end f string
-	}
+	f->get_buffer(out.ptrw(), flen);
+	out.write[flen] = 0; // string terminator
 	memdelete(f);
 
 	int ret = mbedtls_pk_parse_key(&pkey, out.ptr(), out.size(), nullptr, 0);
@@ -84,14 +81,14 @@ Error CryptoKeyMbedTLS::save(String p_path) {
 	int ret = mbedtls_pk_write_key_pem(&pkey, w, sizeof(w));
 	if (ret != 0) {
 		memdelete(f);
-		memset(w, 0, sizeof(w)); // Zeroize anything we might have written.
+		mbedtls_platform_zeroize(w, sizeof(w)); // Zeroize anything we might have written.
 		ERR_FAIL_V_MSG(FAILED, "Error writing key '" + itos(ret) + "'.");
 	}
 
 	size_t len = strlen((char *)w);
 	f->store_buffer(w, len);
 	memdelete(f);
-	memset(w, 0, sizeof(w)); // Zeroize temporary buffer.
+	mbedtls_platform_zeroize(w, sizeof(w)); // Zeroize temporary buffer.
 	return OK;
 }
 
@@ -108,11 +105,8 @@ Error X509CertificateMbedTLS::load(String p_path) {
 
 	int flen = f->get_len();
 	out.resize(flen + 1);
-	{
-		uint8_t *w = out.ptrw();
-		f->get_buffer(w, flen);
-		w[flen] = 0; //end f string
-	}
+	f->get_buffer(out.ptrw(), flen);
+	out.write[flen] = 0; // string terminator
 	memdelete(f);
 
 	int ret = mbedtls_x509_crt_parse(&cert, out.ptr(), out.size());
@@ -211,9 +205,8 @@ void CryptoMbedTLS::load_default_certificates(String p_path) {
 		// Use builtin certs only if user did not override it in project settings.
 		PackedByteArray out;
 		out.resize(_certs_uncompressed_size + 1);
-		uint8_t *w = out.ptrw();
-		Compression::decompress(w, _certs_uncompressed_size, _certs_compressed, _certs_compressed_size, Compression::MODE_DEFLATE);
-		w[_certs_uncompressed_size] = 0; // Make sure it ends with string terminator
+		Compression::decompress(out.ptrw(), _certs_uncompressed_size, _certs_compressed, _certs_compressed_size, Compression::MODE_DEFLATE);
+		out.write[_certs_uncompressed_size] = 0; // Make sure it ends with string terminator
 #ifdef DEBUG_ENABLED
 		print_verbose("Loaded builtin certs");
 #endif
-- 
cgit v1.2.3