[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Add a last-ditch memwipe() implementation for nss+old glibc
commit 8cd091a8d3133e9e5363bc4a673011178e54ab5d
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Wed Sep 5 16:34:01 2018 -0400
Add a last-ditch memwipe() implementation for nss+old glibc
On new glibc versions, there's an explicit_bzero(). With openssl,
there's openssl_memwipe().
When no other approach works, use memwipe() and a memory barrier.
---
src/lib/crypt_ops/crypto_util.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/lib/crypt_ops/crypto_util.c b/src/lib/crypt_ops/crypto_util.c
index 7af80291e..42024907e 100644
--- a/src/lib/crypt_ops/crypto_util.c
+++ b/src/lib/crypt_ops/crypto_util.c
@@ -80,7 +80,7 @@ memwipe(void *mem, uint8_t byte, size_t sz)
#elif defined(HAVE_MEMSET_S)
/* This is in the C99 standard. */
memset_s(mem, sz, 0, sz);
-#else
+#elif defined(ENABLE_OPENSSL)
/* This is a slow and ugly function from OpenSSL that fills 'mem' with junk
* based on the pointer value, then uses that junk to update a global
* variable. It's an elaborate ruse to trick the compiler into not
@@ -93,6 +93,9 @@ memwipe(void *mem, uint8_t byte, size_t sz)
**/
OPENSSL_cleanse(mem, sz);
+#else
+ memset(mem, 0, sz);
+ asm volatile ("" ::: "memory");
#endif /* defined(SecureZeroMemory) || defined(HAVE_SECUREZEROMEMORY) || ... */
/* Just in case some caller of memwipe() is relying on getting a buffer
@@ -105,4 +108,5 @@ memwipe(void *mem, uint8_t byte, size_t sz)
* if somebody accidentally calls memwipe() instead of memset().
**/
memset(mem, byte, sz);
+
}
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits