Rename mbedtls_zeroize to mbedtls_platform_zeroize

1f6301b3 · Andres Amaya Garcia · 904e1efb · 1f6301b3 · 1f6301b3 · 1f6301b3
Commit 1f6301b3 authored Apr 17, 2018 by Andres Amaya Garcia
45 changed files
--- a/library/aes.c
+++ b/library/aes.c
@@ -36,7 +36,7 @@
 #include <string.h>

 #include "mbedtls/aes.h"
-#include "mbedtls/utils.h"
+#include "mbedtls/platform_util.h"
 #if defined(MBEDTLS_PADLOCK_C)
 #include "mbedtls/padlock.h"
 #endif
@@ -518,7 +518,7 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx )
    if( ctx == NULL )
        return;

-    mbedtls_zeroize( ctx, sizeof( mbedtls_aes_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) );
 }

 /*

--- a/library/arc4.c
+++ b/library/arc4.c
@@ -33,7 +33,7 @@
 #if defined(MBEDTLS_ARC4_C)

 #include "mbedtls/arc4.h"
-#include "mbedtls/utils.h"
+#include "mbedtls/platform_util.h"

 #include <string.h>

@@ -58,7 +58,7 @@ void mbedtls_arc4_free( mbedtls_arc4_context *ctx )
    if( ctx == NULL )
        return;

-    mbedtls_zeroize( ctx, sizeof( mbedtls_arc4_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_arc4_context ) );
 }

 /*

--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -28,7 +28,7 @@
 #if defined(MBEDTLS_ASN1_PARSE_C)

 #include "mbedtls/asn1.h"
-#include "mbedtls/utils.h"
+#include "mbedtls/platform_util.h"

 #include <string.h>

@@ -309,7 +309,7 @@ int mbedtls_asn1_get_alg( unsigned char **p,

    if( *p == end )
    {
-        mbedtls_zeroize( params, sizeof(mbedtls_asn1_buf) );
+        mbedtls_platform_zeroize( params, sizeof(mbedtls_asn1_buf) );
        return( 0 );
    }

@@ -354,7 +354,7 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur )
    mbedtls_free( cur->oid.p );
    mbedtls_free( cur->val.p );

-    mbedtls_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
+    mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
 }

 void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )

--- a/library/bignum.c
+++ b/library/bignum.c
@@ -45,6 +45,7 @@

 #include "mbedtls/bignum.h"
 #include "mbedtls/bn_mul.h"
+#include "mbedtls/platform_util.h"

 #include <string.h>

@@ -58,16 +59,6 @@
 #define mbedtls_free       free
 #endif

-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) {
-    volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0;
-}
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 #define ciL    (sizeof(mbedtls_mpi_uint))         /* chars in limb  */
 #define biL    (ciL << 3)               /* bits  in limb  */
 #define biH    (ciL << 2)               /* half limb size */
@@ -81,6 +72,11 @@ static void mbedtls_zeroize( void *v, size_t n ) {
 #define BITS_TO_LIMBS(i)  ( (i) / biL + ( (i) % biL != 0 ) )
 #define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )

+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) {
+    mbedtls_platform_zeroize( v, ciL * n );
+}
+
 /*
 * Initialize one MPI
 */
@@ -1897,7 +1893,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) );

 cleanup:
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
    return( ret );
 }


--- a/library/blowfish.c
+++ b/library/blowfish.c
@@ -34,7 +34,7 @@
 #if defined(MBEDTLS_BLOWFISH_C)

 #include "mbedtls/blowfish.h"
-#include "mbedtls/utils.h"
+#include "mbedtls/platform_util.h"

 #include <string.h>

@@ -161,7 +161,7 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx )
    if( ctx == NULL )
        return;

-    mbedtls_zeroize( ctx, sizeof( mbedtls_blowfish_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_blowfish_context ) );
 }

 /*

--- a/library/camellia.c
+++ b/library/camellia.c
@@ -34,7 +34,7 @@
 #if defined(MBEDTLS_CAMELLIA_C)

 #include "mbedtls/camellia.h"
-#include "mbedtls/utils.h"
+#include "mbedtls/platform_util.h"

 #include <string.h>

@@ -329,7 +329,7 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
    if( ctx == NULL )
        return;

-    mbedtls_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
 }

 /*

--- a/library/ccm.c
+++ b/library/ccm.c
@@ -37,7 +37,7 @@
 #if defined(MBEDTLS_CCM_C)

 #include "mbedtls/ccm.h"
-#include "mbedtls/utils.h"
+#include "mbedtls/platform_util.h"

 #include <string.h>

@@ -98,7 +98,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
 void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
 {
    mbedtls_cipher_free( &ctx->cipher_ctx );
-    mbedtls_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
 }

 /*
@@ -339,7 +339,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,

    if( diff != 0 )
    {
-        mbedtls_zeroize( output, length );
+        mbedtls_platform_zeroize( output, length );
        return( MBEDTLS_ERR_CCM_AUTH_FAILED );
    }


--- a/library/cipher.c
+++ b/library/cipher.c
@@ -33,7 +33,7 @@

 #include "mbedtls/cipher.h"
 #include "mbedtls/cipher_internal.h"
-#include "mbedtls/utils.h"
+#include "mbedtls/platform_util.h"

 #include <stdlib.h>
 #include <string.h>
@@ -137,7 +137,8 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
 #if defined(MBEDTLS_CMAC_C)
    if( ctx->cmac_ctx )
    {
-       mbedtls_zeroize( ctx->cmac_ctx, sizeof( mbedtls_cmac_context_t ) );
+       mbedtls_platform_zeroize( ctx->cmac_ctx,
+                                 sizeof( mbedtls_cmac_context_t ) );
       mbedtls_free( ctx->cmac_ctx );
    }
 #endif
@@ -145,7 +146,7 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
    if( ctx->cipher_ctx )
        ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );

-    mbedtls_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
+    mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
 }

 int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info )

--- a/library/cmac.c
+++ b/library/cmac.c
@@ -49,7 +49,7 @@
 #if defined(MBEDTLS_CMAC_C)

 #include "mbedtls/cmac.h"
-#include "mbedtls/utils.h"
+#include "mbedtls/platform_util.h"

 #include <string.h>

@@ -140,7 +140,7 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx,
    unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX];
    size_t olen, block_size;

-    mbedtls_zeroize( L, sizeof( L ) );
+    mbedtls_platform_zeroize( L, sizeof( L ) );

    block_size = ctx->cipher_info->block_size;

@@ -158,7 +158,7 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx,
        goto exit;

 exit:
-    mbedtls_zeroize( L, sizeof( L ) );
+    mbedtls_platform_zeroize( L, sizeof( L ) );

    return( ret );
 }
@@ -234,7 +234,7 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,

    ctx->cmac_ctx = cmac_ctx;

-    mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) );
+    mbedtls_platform_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) );

    return 0;
 }
@@ -326,8 +326,8 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
    block_size = ctx->cipher_info->block_size;
    state = cmac_ctx->state;

-    mbedtls_zeroize( K1, sizeof( K1 ) );
-    mbedtls_zeroize( K2, sizeof( K2 ) );
+    mbedtls_platform_zeroize( K1, sizeof( K1 ) );
+    mbedtls_platform_zeroize( K2, sizeof( K2 ) );
    cmac_generate_subkeys( ctx, K1, K2 );

    last_block = cmac_ctx->unprocessed_block;
@@ -357,14 +357,14 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
 exit:
    /* Wipe the generated keys on the stack, and any other transients to avoid
     * side channel leakage */
-    mbedtls_zeroize( K1, sizeof( K1 ) );
-    mbedtls_zeroize( K2, sizeof( K2 ) );
+    mbedtls_platform_zeroize( K1, sizeof( K1 ) );
+    mbedtls_platform_zeroize( K2, sizeof( K2 ) );

    cmac_ctx->unprocessed_len = 0;
-    mbedtls_zeroize( cmac_ctx->unprocessed_block,
-                     sizeof( cmac_ctx->unprocessed_block ) );
+    mbedtls_platform_zeroize( cmac_ctx->unprocessed_block,
+                              sizeof( cmac_ctx->unprocessed_block ) );

-    mbedtls_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX );
+    mbedtls_platform_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX );
    return( ret );
 }

@@ -379,10 +379,10 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx )

    /* Reset the internal state */
    cmac_ctx->unprocessed_len = 0;
-    mbedtls_zeroize( cmac_ctx->unprocessed_block,
-                     sizeof( cmac_ctx->unprocessed_block ) );
-    mbedtls_zeroize( cmac_ctx->state,
-                     sizeof( cmac_ctx->state ) );
+    mbedtls_platform_zeroize( cmac_ctx->unprocessed_block,
+                              sizeof( cmac_ctx->unprocessed_block ) );
+    mbedtls_platform_zeroize( cmac_ctx->state,
+                              sizeof( cmac_ctx->state ) );

    return( 0 );
 }
@@ -462,7 +462,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
                               output );

 exit:
-    mbedtls_zeroize( int_key, sizeof( int_key ) );
+    mbedtls_platform_zeroize( int_key, sizeof( int_key ) );

    return( ret );
 }

--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -33,7 +33,7 @@
 #if defined(MBEDTLS_CTR_DRBG_C)

 #include "mbedtls/ctr_drbg.h"
-#include "mbedtls/utils.h"
+#include "mbedtls/platform_util.h"

 #include <string.h>

@@ -121,7 +121,7 @@ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
    mbedtls_mutex_free( &ctx->mutex );
 #endif
    mbedtls_aes_free( &ctx->aes_ctx );
-    mbedtls_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
 }

 void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, int resistance )
@@ -241,16 +241,16 @@ exit:
    /*
    * tidy up the stack
    */
-    mbedtls_zeroize( buf, sizeof( buf ) );
-    mbedtls_zeroize( tmp, sizeof( tmp ) );
-    mbedtls_zeroize( key, sizeof( key ) );
-    mbedtls_zeroize( chain, sizeof( chain ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+    mbedtls_platform_zeroize( key, sizeof( key ) );
+    mbedtls_platform_zeroize( chain, sizeof( chain ) );
    if( 0 != ret )
    {
        /*
        * wipe partial seed from memory
        */
-        mbedtls_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN );
+        mbedtls_platform_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN );
    }

    return( ret );
@@ -489,7 +489,7 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char
        ret = 0;

 exit:
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );

    fclose( f );
    return( ret );
@@ -522,7 +522,7 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char

    fclose( f );

-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );

    if( ret != 0 )
        return( ret );

--- a/library/des.c
+++ b/library/des.c
@@ -34,7 +34,7 @@
 #if defined(MBEDTLS_DES_C)

 #include "mbedtls/des.h"
-#include "mbedtls/utils.h"
+#include "mbedtls/platform_util.h"

 #include <string.h>

@@ -312,7 +312,7 @@ void mbedtls_des_free( mbedtls_des_context *ctx )
    if( ctx == NULL )
        return;

-    mbedtls_zeroize( ctx, sizeof( mbedtls_des_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) );
 }

 void mbedtls_des3_init( mbedtls_des3_context *ctx )
@@ -325,7 +325,7 @@ void mbedtls_des3_free( mbedtls_des3_context *ctx )
    if( ctx == NULL )
        return;

-    mbedtls_zeroize( ctx, sizeof( mbedtls_des3_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) );
 }

 static const unsigned char odd_parity_table[128] = { 1,  2,  4,  7,  8,
@@ -549,7 +549,7 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
    uint32_t sk[96];

    des3_set2key( ctx->sk, sk, key );
-    mbedtls_zeroize( sk,  sizeof( sk ) );
+    mbedtls_platform_zeroize( sk,  sizeof( sk ) );

    return( 0 );
 }
@@ -563,7 +563,7 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
    uint32_t sk[96];

    des3_set2key( sk, ctx->sk, key );
-    mbedtls_zeroize( sk,  sizeof( sk ) );
+    mbedtls_platform_zeroize( sk,  sizeof( sk ) );

    return( 0 );
 }
@@ -600,7 +600,7 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
    uint32_t sk[96];

    des3_set3key( ctx->sk, sk, key );
-    mbedtls_zeroize( sk,  sizeof( sk ) );
+    mbedtls_platform_zeroize( sk,  sizeof( sk ) );

    return( 0 );
 }
@@ -614,7 +614,7 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
    uint32_t sk[96];

    des3_set3key( sk, ctx->sk, key );
-    mbedtls_zeroize( sk,  sizeof( sk ) );
+    mbedtls_platform_zeroize( sk,  sizeof( sk ) );

    return( 0 );
 }

--- a/library/dhm.c
+++ b/library/dhm.c
@@ -36,7 +36,7 @@
 #if defined(MBEDTLS_DHM_C)

 #include "mbedtls/dhm.h"
-#include "mbedtls/utils.h"
+#include "mbedtls/platform_util.h"

 #include <string.h>

@@ -434,7 +434,7 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
    mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X  );
    mbedtls_mpi_free( &ctx->G  ); mbedtls_mpi_free( &ctx->P  );

-    mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
 }

 #if defined(MBEDTLS_ASN1_PARSE_C)
@@ -572,7 +572,7 @@ static int load_file( const char *path, unsigned char **buf, size_t *n )
    {
        fclose( f );

-        mbedtls_zeroize( *buf, *n + 1 );
+        mbedtls_platform_zeroize( *buf, *n + 1 );
        mbedtls_free( *buf );

        return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
@@ -602,7 +602,7 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )

    ret = mbedtls_dhm_parse_dhm( dhm, buf, n );

-    mbedtls_zeroize( buf, n );
+    mbedtls_platform_zeroize( buf, n );
    mbedtls_free( buf );

    return( ret );

--- a/library/ecp.c
+++ b/library/ecp.c
@@ -51,7 +51,7 @@

 #include "mbedtls/ecp.h"
 #include "mbedtls/threading.h"
-#include "mbedtls/utils.h"
+#include "mbedtls/platform_util.h"

 #include <string.h>

@@ -344,7 +344,7 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp )
        mbedtls_free( grp->T );
    }

-    mbedtls_zeroize( grp, sizeof( mbedtls_ecp_group ) );
+    mbedtls_platform_zeroize( grp, sizeof( mbedtls_ecp_group ) );
 }

 /*

--- a/library/entropy.c
+++ b/library/entropy.c
@@ -35,7 +35,7 @@

 #include "mbedtls/entropy.h"
 #include "mbedtls/entropy_poll.h"
-#include "mbedtls/utils.h"
+#include "mbedtls/platform_util.h"

 #include <string.h>

@@ -136,7 +136,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
    ctx->initial_entropy_run = 0;
 #endif
    ctx->source_count = 0;
-    mbedtls_zeroize( ctx->source, sizeof( ctx->source ) );
+    mbedtls_platform_zeroize( ctx->source, sizeof( ctx->source ) );
    ctx->accumulator_started = 0;
 }

@@ -228,7 +228,7 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id
 #endif

 cleanup:
-    mbedtls_zeroize( tmp, sizeof( tmp ) );
+    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );

    return( ret );
 }
@@ -296,7 +296,7 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx )
        ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE;

 cleanup:
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );

    return( ret );
 }
@@ -429,7 +429,7 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
    ret = 0;

 exit:
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );

 #if defined(MBEDTLS_THREADING_C)
    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
@@ -482,7 +482,7 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
    ret = 0;

 exit:
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );

    fclose( f );
    return( ret );
@@ -512,7 +512,7 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *

    fclose( f );

-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );

    if( ret != 0 )
        return( ret );

--- a/library/gcm.c
+++ b/library/gcm.c
@@ -38,7 +38,7 @@
 #if defined(MBEDTLS_GCM_C)

 #include "mbedtls/gcm.h"
-#include "mbedtls/utils.h"
+#include "mbedtls/platform_util.h"

 #include <string.h>

@@ -494,7 +494,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,

    if( diff != 0 )
    {
-        mbedtls_zeroize( output, length );
+        mbedtls_platform_zeroize( output, length );
        return( MBEDTLS_ERR_GCM_AUTH_FAILED );
    }

@@ -504,7 +504,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
 void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
 {
    mbedtls_cipher_free( &ctx->cipher_ctx );
-    mbedtls_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
 }

 #endif /* !MBEDTLS_GCM_ALT */

--- a/library/havege.c
+++ b/library/havege.c
@@ -36,7 +36,7 @@

 #include "mbedtls/havege.h"
 #include "mbedtls/timing.h"
-#include "mbedtls/utils.h"
+#include "mbedtls/platform_util.h"

 #include <string.h>

@@ -204,7 +204,7 @@ void mbedtls_havege_free( mbedtls_havege_state *hs )
    if( hs == NULL )
        return;

-    mbedtls_zeroize( hs, sizeof( mbedtls_havege_state ) );
+    mbedtls_platform_zeroize( hs, sizeof( mbedtls_havege_state ) );
 }

 /*

--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -34,7 +34,7 @@
 #if defined(MBEDTLS_HMAC_DRBG_C)

 #include "mbedtls/hmac_drbg.h"
-#include "mbedtls/utils.h"
+#include "mbedtls/platform_util.h"

 #include <string.h>

@@ -334,7 +334,7 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx )
    mbedtls_mutex_free( &ctx->mutex );
 #endif
    mbedtls_md_free( &ctx->md_ctx );
-    mbedtls_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) );
 }

 #if defined(MBEDTLS_FS_IO)
@@ -360,7 +360,7 @@ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const cha

 exit:
    fclose( f );
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );

    return( ret );
 }
@@ -392,7 +392,7 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch

    fclose( f );

-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );

    if( ret != 0 )
        return( ret );

--- a/library/md.c
+++ b/library/md.c
@@ -33,7 +33,7 @@

 #include "mbedtls/md.h"
 #include "mbedtls/md_internal.h"
-#include "mbedtls/utils.h"
+#include "mbedtls/platform_util.h"

 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
@@ -189,11 +189,12 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx )

    if( ctx->hmac_ctx != NULL )
    {
-        mbedtls_zeroize( ctx->hmac_ctx, 2 * ctx->md_info->block_size );
+        mbedtls_platform_zeroize( ctx->hmac_ctx,
+                                  2 * ctx->md_info->block_size );
        mbedtls_free( ctx->hmac_ctx );
    }

-    mbedtls_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
 }

 int mbedtls_md_clone( mbedtls_md_context_t *dst,
@@ -307,7 +308,7 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne
        ret = md_info->finish_func( ctx.md_ctx, output );

 cleanup:
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
    fclose( f );
    mbedtls_md_free( &ctx );

@@ -357,7 +358,7 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
        goto cleanup;