godotengine/godot
1
0
Fork 0
mirror of https://github.com/godotengine/godot.git synced 2025-11-13 13:31:48 +00:00
Code Releases Wiki Activity

Better zeroizing in CryptoKey.

Browse Source 
Small code clenup (after PoolByteArray change).
This commit is contained in:
Fabio Alessandrelli
2020-06-07 17:27:22 +02:00
parent 4e0f31a67c
commit f03b7f3d7a
1 changed files with 8 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
modules/mbedtls/crypto_mbedtls.cpp
View File

@@ -59,11 +59,8 @@ Error CryptoKeyMbedTLS::load(String p_path) {
int flen = f->get_len(); int flen = f->get_len();
out.resize(flen + 1); out.resize(flen + 1);
{ f->get_buffer(out.ptrw(), flen);
uint8_t *w = out.ptrw(); out.write[flen] = 0; // string terminator
f->get_buffer(w, flen);
w[flen] = 0; //end f string
}
memdelete(f); memdelete(f);
int ret = mbedtls_pk_parse_key(&pkey, out.ptr(), out.size(), nullptr, 0); int ret = mbedtls_pk_parse_key(&pkey, out.ptr(), out.size(), nullptr, 0);
@@ -84,14 +81,14 @@ Error CryptoKeyMbedTLS::save(String p_path) {
int ret = mbedtls_pk_write_key_pem(&pkey, w, sizeof(w)); int ret = mbedtls_pk_write_key_pem(&pkey, w, sizeof(w));
if (ret != 0) { if (ret != 0) {
memdelete(f); memdelete(f);
memset(w, 0, sizeof(w)); // Zeroize anything we might have written. mbedtls_platform_zeroize(w, sizeof(w)); // Zeroize anything we might have written.
ERR_FAIL_V_MSG(FAILED, "Error writing key '" + itos(ret) + "'."); ERR_FAIL_V_MSG(FAILED, "Error writing key '" + itos(ret) + "'.");
} }
size_t len = strlen((char *)w); size_t len = strlen((char *)w);
f->store_buffer(w, len); f->store_buffer(w, len);
memdelete(f); memdelete(f);
memset(w, 0, sizeof(w)); // Zeroize temporary buffer. mbedtls_platform_zeroize(w, sizeof(w)); // Zeroize temporary buffer.
return OK; return OK;
} }
@@ -108,11 +105,8 @@ Error X509CertificateMbedTLS::load(String p_path) {
int flen = f->get_len(); int flen = f->get_len();
out.resize(flen + 1); out.resize(flen + 1);
{ f->get_buffer(out.ptrw(), flen);
uint8_t *w = out.ptrw(); out.write[flen] = 0; // string terminator
f->get_buffer(w, flen);
w[flen] = 0; //end f string
}
memdelete(f); memdelete(f);
int ret = mbedtls_x509_crt_parse(&cert, out.ptr(), out.size()); int ret = mbedtls_x509_crt_parse(&cert, out.ptr(), out.size());
@@ -211,9 +205,8 @@ void CryptoMbedTLS::load_default_certificates(String p_path) {
// Use builtin certs only if user did not override it in project settings. // Use builtin certs only if user did not override it in project settings.
PackedByteArray out; PackedByteArray out;
out.resize(_certs_uncompressed_size + 1); out.resize(_certs_uncompressed_size + 1);
uint8_t *w = out.ptrw(); Compression::decompress(out.ptrw(), _certs_uncompressed_size, _certs_compressed, _certs_compressed_size, Compression::MODE_DEFLATE);
Compression::decompress(w, _certs_uncompressed_size, _certs_compressed, _certs_compressed_size, Compression::MODE_DEFLATE); out.write[_certs_uncompressed_size] = 0; // Make sure it ends with string terminator
w[_certs_uncompressed_size] = 0; // Make sure it ends with string terminator
#ifdef DEBUG_ENABLED #ifdef DEBUG_ENABLED
print_verbose("Loaded builtin certs"); print_verbose("Loaded builtin certs");
#endif #endif