Fix mqtt broker force zero definition

aidangarske · aidangarske · commit 169a5df5330b · 2026-04-09T16:44:33.000-07:00
diff --git a/src/mqtt_broker.c b/src/mqtt_broker.c
@@ -35,6 +35,7 @@
 
 #ifdef WOLFMQTT_BROKER
 
+#define BROKER_FORCE_ZERO(mem, len) Mqtt_ForceZero(mem, (word32)(len))
 
 /* -------------------------------------------------------------------------- */
 /* Platform includes                                                           */
@@ -171,7 +172,7 @@ static void BrokerStore_StringSensitive(char* dst, int max_len,
     const char* src, word16 src_len)
 {
     /* Wipe old value before overwriting */
-    WOLFMQTT_FORCE_ZERO(dst, max_len);
+    BROKER_FORCE_ZERO(dst, max_len);
     if (src_len >= (word16)max_len) {
         src_len = (word16)(max_len - 1);
     }
@@ -184,7 +185,7 @@ static void BrokerStore_String(char** dst_ptr,
 {
     if (*dst_ptr != NULL) {
         if (sensitive) {
-            WOLFMQTT_FORCE_ZERO(*dst_ptr, XSTRLEN(*dst_ptr) + 1);
+            BROKER_FORCE_ZERO(*dst_ptr, XSTRLEN(*dst_ptr) + 1);
         }
         WOLFMQTT_FREE(*dst_ptr);
         *dst_ptr = NULL;
@@ -1220,21 +1221,21 @@ static void BrokerClient_Free(BrokerClient* bc)
     }
 #ifdef WOLFMQTT_BROKER_AUTH
     if (bc->username) {
-        WOLFMQTT_FORCE_ZERO(bc->username, XSTRLEN(bc->username) + 1);
+        BROKER_FORCE_ZERO(bc->username, XSTRLEN(bc->username) + 1);
         WOLFMQTT_FREE(bc->username);
     }
     if (bc->password) {
-        WOLFMQTT_FORCE_ZERO(bc->password, XSTRLEN(bc->password) + 1);
+        BROKER_FORCE_ZERO(bc->password, XSTRLEN(bc->password) + 1);
         WOLFMQTT_FREE(bc->password);
     }
 #endif
 #ifdef WOLFMQTT_BROKER_WILL
     if (bc->will_topic) {
-        WOLFMQTT_FORCE_ZERO(bc->will_topic, XSTRLEN(bc->will_topic) + 1);
+        BROKER_FORCE_ZERO(bc->will_topic, XSTRLEN(bc->will_topic) + 1);
         WOLFMQTT_FREE(bc->will_topic);
     }
     if (bc->will_payload) {
-        WOLFMQTT_FORCE_ZERO(bc->will_payload, bc->will_payload_len);
+        BROKER_FORCE_ZERO(bc->will_payload, bc->will_payload_len);
         WOLFMQTT_FREE(bc->will_payload);
     }
 #endif
@@ -2014,12 +2015,12 @@ static void BrokerClient_ClearWill(BrokerClient* bc)
     bc->will_topic[0] = '\0';
 #else
     if (bc->will_topic) {
-        WOLFMQTT_FORCE_ZERO(bc->will_topic, XSTRLEN(bc->will_topic) + 1);
+        BROKER_FORCE_ZERO(bc->will_topic, XSTRLEN(bc->will_topic) + 1);
         WOLFMQTT_FREE(bc->will_topic);
         bc->will_topic = NULL;
     }
     if (bc->will_payload) {
-        WOLFMQTT_FORCE_ZERO(bc->will_payload, bc->will_payload_len);
+        BROKER_FORCE_ZERO(bc->will_payload, bc->will_payload_len);
         WOLFMQTT_FREE(bc->will_payload);
         bc->will_payload = NULL;
     }
@@ -2119,14 +2120,14 @@ static int BrokerPendingWill_Add(MqttBroker* broker, BrokerClient* bc)
     }
     else if (pw != NULL) {
         if (pw->topic) {
-            WOLFMQTT_FORCE_ZERO(pw->topic, XSTRLEN(pw->topic) + 1);
+            BROKER_FORCE_ZERO(pw->topic, XSTRLEN(pw->topic) + 1);
             WOLFMQTT_FREE(pw->topic);
         }
         if (pw->client_id) {
             WOLFMQTT_FREE(pw->client_id);
         }
         if (pw->payload) {
-            WOLFMQTT_FORCE_ZERO(pw->payload, pw->payload_len);
+            BROKER_FORCE_ZERO(pw->payload, pw->payload_len);
             WOLFMQTT_FREE(pw->payload);
         }
         WOLFMQTT_FREE(pw);
@@ -2180,11 +2181,11 @@ static void BrokerPendingWill_Cancel(MqttBroker* broker,
                 }
                 WOLFMQTT_FREE(pw->client_id);
                 if (pw->topic) {
-                    WOLFMQTT_FORCE_ZERO(pw->topic, XSTRLEN(pw->topic) + 1);
+                    BROKER_FORCE_ZERO(pw->topic, XSTRLEN(pw->topic) + 1);
                     WOLFMQTT_FREE(pw->topic);
                 }
                 if (pw->payload) {
-                    WOLFMQTT_FORCE_ZERO(pw->payload, pw->payload_len);
+                    BROKER_FORCE_ZERO(pw->payload, pw->payload_len);
                     WOLFMQTT_FREE(pw->payload);
                 }
                 WOLFMQTT_FREE(pw);
@@ -2211,11 +2212,11 @@ static void BrokerPendingWill_FreeAll(MqttBroker* broker)
             BrokerPendingWill* next = pw->next;
             if (pw->client_id) WOLFMQTT_FREE(pw->client_id);
             if (pw->topic) {
-                WOLFMQTT_FORCE_ZERO(pw->topic, XSTRLEN(pw->topic) + 1);
+                BROKER_FORCE_ZERO(pw->topic, XSTRLEN(pw->topic) + 1);
                 WOLFMQTT_FREE(pw->topic);
             }
             if (pw->payload) {
-                WOLFMQTT_FORCE_ZERO(pw->payload, pw->payload_len);
+                BROKER_FORCE_ZERO(pw->payload, pw->payload_len);
                 WOLFMQTT_FREE(pw->payload);
             }
             WOLFMQTT_FREE(pw);
@@ -2279,11 +2280,11 @@ static int BrokerPendingWill_Process(MqttBroker* broker)
                 }
                 if (pw->client_id) WOLFMQTT_FREE(pw->client_id);
                 if (pw->topic) {
-                    WOLFMQTT_FORCE_ZERO(pw->topic, XSTRLEN(pw->topic) + 1);
+                    BROKER_FORCE_ZERO(pw->topic, XSTRLEN(pw->topic) + 1);
                     WOLFMQTT_FREE(pw->topic);
                 }
                 if (pw->payload) {
-                    WOLFMQTT_FORCE_ZERO(pw->payload, pw->payload_len);
+                    BROKER_FORCE_ZERO(pw->payload, pw->payload_len);
                     WOLFMQTT_FREE(pw->payload);
                 }
                 WOLFMQTT_FREE(pw);
diff --git a/src/mqtt_client.c b/src/mqtt_client.c
@@ -26,6 +26,8 @@
 
 #include "wolfmqtt/mqtt_client.h"
 
+#define CLIENT_FORCE_ZERO(mem, len) Mqtt_ForceZero(mem, (word32)(len))
+
 /* DOCUMENTED BUILD OPTIONS:
  *
  * WOLFMQTT_MULTITHREAD: Enables multi-thread support with mutex protection on
@@ -1731,7 +1733,7 @@ int MqttClient_Connect(MqttClient *client, MqttConnect *mc_connect)
 
         /* Clear tx_buf to remove any plaintext credentials from memory.
          * Use xfer (saved before MqttWriteStop zeroes client->write) */
-        WOLFMQTT_FORCE_ZERO(client->tx_buf, xfer);
+        CLIENT_FORCE_ZERO(client->tx_buf, xfer);
 
         if (rc != xfer) {
             MqttClient_CancelMessage(client, (MqttObject*)mc_connect);
diff --git a/wolfmqtt/mqtt_types.h b/wolfmqtt/mqtt_types.h
@@ -358,24 +358,13 @@ enum MqttPacketResponseCodes {
     #define WOLFMQTT_NORETURN
 #endif
 
-/* Secure memory zeroing - prevents compiler dead-store elimination */
-#ifndef WOLFMQTT_FORCE_ZERO
-    #ifdef ENABLE_MQTT_TLS
-        #include <wolfssl/wolfcrypt/memory.h>
-        #define WOLFMQTT_FORCE_ZERO(mem, len) wc_ForceZero(mem, (word32)(len))
-    #else
-        static INLINE void wolfmqtt_force_zero(void* mem, word32 len)
-        {
-            volatile byte* p = (volatile byte*)mem;
-            word32 i;
-            for (i = 0; i < len; i++) {
-                p[i] = 0;
-            }
-        }
-        #define WOLFMQTT_FORCE_ZERO(mem, len) \
-            wolfmqtt_force_zero(mem, (word32)(len))
-    #endif
-#endif
+/* Secure memory zeroing - uses volatile pointer to prevent compiler
+ * from optimizing away the stores (dead-store elimination). */
+static INLINE void Mqtt_ForceZero(void* mem, word32 len)
+{
+    volatile byte* z = (volatile byte*)mem;
+    while (len--) *z++ = 0;
+}
 
 /* Logging / Tracing */
 #ifdef WOLFMQTT_NO_STDIO

Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,7 @@`
`35`	`35`
`36`	`36`	`#ifdef WOLFMQTT_BROKER`
`37`	`37`
	`38`	`+#define BROKER_FORCE_ZERO(mem, len) Mqtt_ForceZero(mem, (word32)(len))`
`38`	`39`
`39`	`40`	`/* -------------------------------------------------------------------------- */`
`40`	`41`	`/* Platform includes */`
`@@ -171,7 +172,7 @@ static void BrokerStore_StringSensitive(char* dst, int max_len,`
`171`	`172`	`const char* src, word16 src_len)`
`172`	`173`	`{`
`173`	`174`	`/* Wipe old value before overwriting */`
`174`		`- WOLFMQTT_FORCE_ZERO(dst, max_len);`
	`175`	`+ BROKER_FORCE_ZERO(dst, max_len);`
`175`	`176`	`if (src_len >= (word16)max_len) {`
`176`	`177`	`src_len = (word16)(max_len - 1);`
`177`	`178`	`}`
`@@ -184,7 +185,7 @@ static void BrokerStore_String(char** dst_ptr,`
`184`	`185`	`{`
`185`	`186`	`if (*dst_ptr != NULL) {`
`186`	`187`	`if (sensitive) {`
`187`		`- WOLFMQTT_FORCE_ZERO(dst_ptr, XSTRLEN(dst_ptr) + 1);`
	`188`	`+ BROKER_FORCE_ZERO(dst_ptr, XSTRLEN(dst_ptr) + 1);`
`188`	`189`	`}`
`189`	`190`	`WOLFMQTT_FREE(*dst_ptr);`
`190`	`191`	`*dst_ptr = NULL;`
`@@ -1220,21 +1221,21 @@ static void BrokerClient_Free(BrokerClient* bc)`
`1220`	`1221`	`}`
`1221`	`1222`	`#ifdef WOLFMQTT_BROKER_AUTH`
`1222`	`1223`	`if (bc->username) {`
`1223`		`- WOLFMQTT_FORCE_ZERO(bc->username, XSTRLEN(bc->username) + 1);`
	`1224`	`+ BROKER_FORCE_ZERO(bc->username, XSTRLEN(bc->username) + 1);`
`1224`	`1225`	`WOLFMQTT_FREE(bc->username);`
`1225`	`1226`	`}`
`1226`	`1227`	`if (bc->password) {`
`1227`		`- WOLFMQTT_FORCE_ZERO(bc->password, XSTRLEN(bc->password) + 1);`
	`1228`	`+ BROKER_FORCE_ZERO(bc->password, XSTRLEN(bc->password) + 1);`
`1228`	`1229`	`WOLFMQTT_FREE(bc->password);`
`1229`	`1230`	`}`
`1230`	`1231`	`#endif`
`1231`	`1232`	`#ifdef WOLFMQTT_BROKER_WILL`
`1232`	`1233`	`if (bc->will_topic) {`
`1233`		`- WOLFMQTT_FORCE_ZERO(bc->will_topic, XSTRLEN(bc->will_topic) + 1);`
	`1234`	`+ BROKER_FORCE_ZERO(bc->will_topic, XSTRLEN(bc->will_topic) + 1);`
`1234`	`1235`	`WOLFMQTT_FREE(bc->will_topic);`
`1235`	`1236`	`}`
`1236`	`1237`	`if (bc->will_payload) {`
`1237`		`- WOLFMQTT_FORCE_ZERO(bc->will_payload, bc->will_payload_len);`
	`1238`	`+ BROKER_FORCE_ZERO(bc->will_payload, bc->will_payload_len);`
`1238`	`1239`	`WOLFMQTT_FREE(bc->will_payload);`
`1239`	`1240`	`}`
`1240`	`1241`	`#endif`
`@@ -2014,12 +2015,12 @@ static void BrokerClient_ClearWill(BrokerClient* bc)`
`2014`	`2015`	`bc->will_topic[0] = '\0';`
`2015`	`2016`	`#else`
`2016`	`2017`	`if (bc->will_topic) {`
`2017`		`- WOLFMQTT_FORCE_ZERO(bc->will_topic, XSTRLEN(bc->will_topic) + 1);`
	`2018`	`+ BROKER_FORCE_ZERO(bc->will_topic, XSTRLEN(bc->will_topic) + 1);`
`2018`	`2019`	`WOLFMQTT_FREE(bc->will_topic);`
`2019`	`2020`	`bc->will_topic = NULL;`
`2020`	`2021`	`}`
`2021`	`2022`	`if (bc->will_payload) {`
`2022`		`- WOLFMQTT_FORCE_ZERO(bc->will_payload, bc->will_payload_len);`
	`2023`	`+ BROKER_FORCE_ZERO(bc->will_payload, bc->will_payload_len);`
`2023`	`2024`	`WOLFMQTT_FREE(bc->will_payload);`
`2024`	`2025`	`bc->will_payload = NULL;`
`2025`	`2026`	`}`
`@@ -2119,14 +2120,14 @@ static int BrokerPendingWill_Add(MqttBroker* broker, BrokerClient* bc)`
`2119`	`2120`	`}`
`2120`	`2121`	`else if (pw != NULL) {`
`2121`	`2122`	`if (pw->topic) {`
`2122`		`- WOLFMQTT_FORCE_ZERO(pw->topic, XSTRLEN(pw->topic) + 1);`
	`2123`	`+ BROKER_FORCE_ZERO(pw->topic, XSTRLEN(pw->topic) + 1);`
`2123`	`2124`	`WOLFMQTT_FREE(pw->topic);`
`2124`	`2125`	`}`
`2125`	`2126`	`if (pw->client_id) {`
`2126`	`2127`	`WOLFMQTT_FREE(pw->client_id);`
`2127`	`2128`	`}`
`2128`	`2129`	`if (pw->payload) {`
`2129`		`- WOLFMQTT_FORCE_ZERO(pw->payload, pw->payload_len);`
	`2130`	`+ BROKER_FORCE_ZERO(pw->payload, pw->payload_len);`
`2130`	`2131`	`WOLFMQTT_FREE(pw->payload);`
`2131`	`2132`	`}`
`2132`	`2133`	`WOLFMQTT_FREE(pw);`
`@@ -2180,11 +2181,11 @@ static void BrokerPendingWill_Cancel(MqttBroker* broker,`
`2180`	`2181`	`}`
`2181`	`2182`	`WOLFMQTT_FREE(pw->client_id);`
`2182`	`2183`	`if (pw->topic) {`
`2183`		`- WOLFMQTT_FORCE_ZERO(pw->topic, XSTRLEN(pw->topic) + 1);`
	`2184`	`+ BROKER_FORCE_ZERO(pw->topic, XSTRLEN(pw->topic) + 1);`
`2184`	`2185`	`WOLFMQTT_FREE(pw->topic);`
`2185`	`2186`	`}`
`2186`	`2187`	`if (pw->payload) {`
`2187`		`- WOLFMQTT_FORCE_ZERO(pw->payload, pw->payload_len);`
	`2188`	`+ BROKER_FORCE_ZERO(pw->payload, pw->payload_len);`
`2188`	`2189`	`WOLFMQTT_FREE(pw->payload);`
`2189`	`2190`	`}`
`2190`	`2191`	`WOLFMQTT_FREE(pw);`
`@@ -2211,11 +2212,11 @@ static void BrokerPendingWill_FreeAll(MqttBroker* broker)`
`2211`	`2212`	`BrokerPendingWill* next = pw->next;`
`2212`	`2213`	`if (pw->client_id) WOLFMQTT_FREE(pw->client_id);`
`2213`	`2214`	`if (pw->topic) {`
`2214`		`- WOLFMQTT_FORCE_ZERO(pw->topic, XSTRLEN(pw->topic) + 1);`
	`2215`	`+ BROKER_FORCE_ZERO(pw->topic, XSTRLEN(pw->topic) + 1);`
`2215`	`2216`	`WOLFMQTT_FREE(pw->topic);`
`2216`	`2217`	`}`
`2217`	`2218`	`if (pw->payload) {`
`2218`		`- WOLFMQTT_FORCE_ZERO(pw->payload, pw->payload_len);`
	`2219`	`+ BROKER_FORCE_ZERO(pw->payload, pw->payload_len);`
`2219`	`2220`	`WOLFMQTT_FREE(pw->payload);`
`2220`	`2221`	`}`
`2221`	`2222`	`WOLFMQTT_FREE(pw);`
`@@ -2279,11 +2280,11 @@ static int BrokerPendingWill_Process(MqttBroker* broker)`
`2279`	`2280`	`}`
`2280`	`2281`	`if (pw->client_id) WOLFMQTT_FREE(pw->client_id);`
`2281`	`2282`	`if (pw->topic) {`
`2282`		`- WOLFMQTT_FORCE_ZERO(pw->topic, XSTRLEN(pw->topic) + 1);`
	`2283`	`+ BROKER_FORCE_ZERO(pw->topic, XSTRLEN(pw->topic) + 1);`
`2283`	`2284`	`WOLFMQTT_FREE(pw->topic);`
`2284`	`2285`	`}`
`2285`	`2286`	`if (pw->payload) {`
`2286`		`- WOLFMQTT_FORCE_ZERO(pw->payload, pw->payload_len);`
	`2287`	`+ BROKER_FORCE_ZERO(pw->payload, pw->payload_len);`
`2287`	`2288`	`WOLFMQTT_FREE(pw->payload);`
`2288`	`2289`	`}`
`2289`	`2290`	`WOLFMQTT_FREE(pw);`