mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 11:08:02 -06:00

Linux/MacOSX: Erase sensitive memory explicitly instead of relying on the compiler not optimizing calls to method Memory::Erase

Mounir IDRASSI
2020-06-28 00:59:57 +02:00
parent fded83d25c
commit 885cc1d01d
7 changed files with 5 additions and 15 deletions


@@ -32,10 +32,6 @@
#include "SecurityToken.h" #include "SecurityToken.h"
#ifndef burn
# define burn Memory::Erase
#endif
using namespace std; using namespace std;
namespace VeraCrypt namespace VeraCrypt


@@ -460,7 +460,7 @@ namespace VeraCrypt
if (write (inPipe->GetWriteFD(), &adminPassword.front(), adminPassword.size())) { } // Errors ignored if (write (inPipe->GetWriteFD(), &adminPassword.front(), adminPassword.size())) { } // Errors ignored
Memory::Erase (&adminPassword.front(), adminPassword.size()); burn (&adminPassword.front(), adminPassword.size());
throw_sys_if (fcntl (outPipe->GetReadFD(), F_SETFL, O_NONBLOCK) == -1); throw_sys_if (fcntl (outPipe->GetReadFD(), F_SETFL, O_NONBLOCK) == -1);
throw_sys_if (fcntl (errPipe.GetReadFD(), F_SETFL, O_NONBLOCK) == -1); throw_sys_if (fcntl (errPipe.GetReadFD(), F_SETFL, O_NONBLOCK) == -1);
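Review bot: The new `burn (&adminPassword.front(), adminPassword.size());` calls `front()` unconditionally, which is undefined behaviour on an empty standard container, whereas `Buffer::Erase` in this same commit only wipes under `if (DataSize > 0)`. Whether `adminPassword` can be empty here is decided outside the hunk, so this may already be guaranteed. If it is not, `if (!adminPassword.empty()) burn (&adminPassword.front(), adminPassword.size());` makes the wipe well-defined without changing the normal path. The same form appears in the `buf` and `keyfileData` erasures in the last two file sections.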


@@ -77,7 +77,7 @@ namespace VeraCrypt
void Buffer::Erase () void Buffer::Erase ()
{ {
if (DataSize > 0) if (DataSize > 0)
Memory::Erase (DataPtr, DataSize); burn (DataPtr, DataSize);
} }
void Buffer::Free () void Buffer::Free ()


@@ -10,7 +10,6 @@
code distribution packages. code distribution packages.
*/ */
#include "Common/Tcdefs.h"
#include "Memory.h" #include "Memory.h"
#include "Exception.h" #include "Exception.h"
#include <stdlib.h> #include <stdlib.h>
@@ -62,11 +61,6 @@ namespace VeraCrypt
memcpy (memoryDestination, memorySource, size); memcpy (memoryDestination, memorySource, size);
} }
void Memory::Erase (void *memory, size_t size)
{
burn (memory, size);
}
void Memory::Zero (void *memory, size_t size) void Memory::Zero (void *memory, size_t size)
{ {
memset (memory, 0, size); memset (memory, 0, size);


@@ -16,6 +16,7 @@
#include <new> #include <new>
#include <memory.h> #include <memory.h>
#include "PlatformBase.h" #include "PlatformBase.h"
#include "Common/Tcdefs.h"
#ifdef TC_WINDOWS #ifdef TC_WINDOWS
@@ -76,7 +77,6 @@ namespace VeraCrypt
static void *AllocateAligned (size_t size, size_t alignment); static void *AllocateAligned (size_t size, size_t alignment);
static int Compare (const void *memory1, size_t size1, const void *memory2, size_t size2); static int Compare (const void *memory1, size_t size1, const void *memory2, size_t size2);
static void Copy (void *memoryDestination, const void *memorySource, size_t size); static void Copy (void *memoryDestination, const void *memorySource, size_t size);
static void Erase (void *memory, size_t size);
static void Free (void *memory); static void Free (void *memory);
static void FreeAligned (void *memory); static void FreeAligned (void *memory);
static void Zero (void *memory, size_t size); static void Zero (void *memory, size_t size);
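Review bot: The added `#include "Common/Tcdefs.h"` appears to be what makes `burn` reachable from the files in this commit that now call it directly, and the header does not say so. `burn` appears to be a preprocessor macro (the block removed in the first file section tested it with `#ifndef burn`), so a later include clean-up could drop this line without realising that the secure-erase call sites depend on it. I would annotate the line, e.g. `#include "Common/Tcdefs.h" // provides burn(), the secure-erase macro used now that Memory::Erase is removed`. Every includer of this header also now sees that lowercase macro name, which is worth keeping in mind when naming identifiers.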


@@ -233,7 +233,7 @@ namespace VeraCrypt
str.clear(); str.clear();
str.insert (0, &buf.front(), size); str.insert (0, &buf.front(), size);
Memory::Erase (&buf.front(), buf.size()); burn (&buf.front(), buf.size());
} }
catch (...) catch (...)
{ {
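Review bot: The wipe `burn (&buf.front(), buf.size());` is reached only if `str.insert (0, &buf.front(), size);` on the line before it returns normally. If that insert throws (allocation failure, for instance), control passes to the `catch (...)` that follows and `buf` is released with its contents unwiped. The handler body and the declaration of `buf` are outside this hunk, so confirm whether the handler can still reach `buf`; if `buf` is local to the `try` block it cannot. Tying the wipe to scope exit covers both the normal and the exceptional path, for example a small local guard declared right after `buf` whose destructor is `{ if (!Buf.empty()) burn (&Buf.front(), Buf.size()); }`.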


@@ -57,7 +57,7 @@ namespace VeraCrypt
break; break;
} }
Memory::Erase (&keyfileData.front(), keyfileData.size()); burn (&keyfileData.front(), keyfileData.size());
goto done; goto done;
} }