author | rl1987 <rl1987@sdf.lonestar.org> | 2016-01-03 17:08:21 +0100 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2016-01-07 14:25:31 -0800 |
commit | fb373a9ef6f07229b20cf1176522c625cd5c0a4d (patch) | |
tree | af5db95093a5e7ed41974e2885fc996dab1041f0 | |
parent | 3783046f3b519533fc721472f38ccf437d2d12a5 (diff) | |
On win32, use SecureZeroMemory() to securely wipe buffers.
(Also tweak the comments. -nickm)
-rw-r--r-- | changes/feature17986 | 3 | ||||
-rw-r--r-- | src/common/crypto.c | 15 |
2 files changed, 13 insertions, 5 deletions
diff --git a/changes/feature17986 b/changes/feature17986
new file mode 100644
index 0000000000..ef82bd3503
--- /dev/null
+++ b/changes/feature17986
@@ -0,0 +1,3 @@
+ o Minor features:
+ - Use SecureMemoryWipe() function to securely clean memory on
+ Windows. Implements feature 17986.
diff --git a/src/common/crypto.c b/src/common/crypto.c
index e62cc0a511..134e69aa20 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2960,6 +2960,16 @@ memwipe(void *mem, uint8_t byte, size_t sz)
 * have this function call "memset". A smart compiler could inline it, then
 * eliminate dead memsets, and declare itself to be clever. */
+#ifdef _WIN32
+ /* Here's what you do on windows. */
+ SecureZeroMemory(mem,sz);
+#elif defined(HAVE_EXPLICIT_BZERO)
+ /* The BSDs provide this. */
+ explicit_bzero(mem, sz);
+#elif defined(HAVE_MEMSET_S)
+ /* This is in the C99 standard. */
+ memset_s(mem, sz, 0, sz);
+#else
 /* This is a slow and ugly function from OpenSSL that fills 'mem' with junk
 * based on the pointer value, then uses that junk to update a global
 * variable. It's an elaborate ruse to trick the compiler into not
@@ -2971,11 +2981,6 @@ memwipe(void *mem, uint8_t byte, size_t sz)
 * OPENSSL_cleanse() on most platforms, which ought to do the job.
 **/
-#ifdef HAVE_EXPLICIT_BZERO
- explicit_bzero(mem, sz);
-#elif HAVE_MEMSET_S
- memset_s( mem, sz, 0, sz );
-#else
 OPENSSL_cleanse(mem, sz);
 #endif |
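Review bot: The comment `/* This is in the C99 standard. */` on the `HAVE_MEMSET_S` branch is inaccurate, because `memset_s` comes from the optional Annex K of C11; I would write `/* Optional in C11 (Annex K); not every libc provides it. */`. The call `memset_s(mem, sz, 0, sz);` also discards its return value, and Annex K reports a runtime-constraint violation (for example `sz` above `RSIZE_MAX`) through that value, in which case the buffer may be left unwiped without any signal; testing for a nonzero result and falling back to `OPENSSL_cleanse(mem, sz);` would keep the guarantee. All three new branches write zeros and never use `byte`, which is correct only if the part of memwipe() outside this hunk applies `byte` afterwards, so a one-line comment saying so would help. Separately, the changes file names `SecureMemoryWipe()`, while the function called here is `SecureZeroMemory()`.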