summaryrefslogtreecommitdiff
path: root/common/fpsensor/fpsensor_crypto.cc
diff options
context:
space:
mode:
Diffstat (limited to 'common/fpsensor/fpsensor_crypto.cc')
-rw-r--r--common/fpsensor/fpsensor_crypto.cc16
1 files changed, 8 insertions, 8 deletions
diff --git a/common/fpsensor/fpsensor_crypto.cc b/common/fpsensor/fpsensor_crypto.cc
index 5861064427..5b5ce9de49 100644
--- a/common/fpsensor/fpsensor_crypto.cc
+++ b/common/fpsensor/fpsensor_crypto.cc
@@ -8,13 +8,13 @@
#include "fpsensor_state.h"
#include "fpsensor_utils.h"
#include "openssl/aes.h"
+#include "openssl/mem.h"
/* These must be included after the "openssl/aes.h" */
#include "crypto/fipsmodule/aes/internal.h"
#include "crypto/fipsmodule/modes/internal.h"
extern "C" {
-#include "cryptoc/util.h"
#include "rollback.h"
#include "sha256.h"
#include "util.h"
@@ -101,7 +101,7 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size,
compute_hmac_sha256(key_buf, prk, prk_size, message_buf, info_size + 1);
memcpy(out_key, key_buf, out_key_size);
- always_memset(key_buf, 0, sizeof(key_buf));
+ OPENSSL_cleanse(key_buf, sizeof(key_buf));
return EC_SUCCESS;
}
@@ -156,8 +156,8 @@ int hkdf_expand(uint8_t *out_key, size_t L, const uint8_t *prk, size_t prk_size,
out_key += block_size;
L -= block_size;
}
- always_memset(T_buffer, 0, sizeof(T_buffer));
- always_memset(info_buffer, 0, sizeof(info_buffer));
+ OPENSSL_cleanse(T_buffer, sizeof(T_buffer));
+ OPENSSL_cleanse(info_buffer, sizeof(info_buffer));
return EC_SUCCESS;
#undef HASH_LEN
}
@@ -187,7 +187,7 @@ int derive_positive_match_secret(uint8_t *output,
/* "Extract" step of HKDF. */
hkdf_extract(prk, input_positive_match_salt,
FP_POSITIVE_MATCH_SALT_BYTES, ikm, sizeof(ikm));
- always_memset(ikm, 0, sizeof(ikm));
+ OPENSSL_cleanse(ikm, sizeof(ikm));
memcpy(info, info_prefix, strlen(info_prefix));
memcpy(info + strlen(info_prefix), user_id, sizeof(user_id));
@@ -195,7 +195,7 @@ int derive_positive_match_secret(uint8_t *output,
/* "Expand" step of HKDF. */
ret = hkdf_expand(output, FP_POSITIVE_MATCH_SECRET_BYTES, prk,
sizeof(prk), info, sizeof(info));
- always_memset(prk, 0, sizeof(prk));
+ OPENSSL_cleanse(prk, sizeof(prk));
/* Check that secret is not full of 0x00 or 0xff. */
if (bytes_are_trivial(output, FP_POSITIVE_MATCH_SECRET_BYTES)) {
@@ -225,7 +225,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt)
/* "Extract step of HKDF. */
hkdf_extract(prk, salt, FP_CONTEXT_ENCRYPTION_SALT_BYTES, ikm,
sizeof(ikm));
- always_memset(ikm, 0, sizeof(ikm));
+ OPENSSL_cleanse(ikm, sizeof(ikm));
/*
* Only 1 "expand" step of HKDF since the size of the "info" context
@@ -234,7 +234,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt)
*/
ret = hkdf_expand_one_step(out_key, SBP_ENC_KEY_LEN, prk, sizeof(prk),
(uint8_t *)user_id, sizeof(user_id));
- always_memset(prk, 0, sizeof(prk));
+ OPENSSL_cleanse(prk, sizeof(prk));
return ret;
}
View Lorry Controller Status