1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
/* Copyright (c) 2001, Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
* \file crypto_util.c
*
* \brief Common cryptographic utilities.
**/
#ifndef CRYPTO_UTIL_PRIVATE
#define CRYPTO_UTIL_PRIVATE
#include "lib/crypt_ops/crypto_util.h"
#include <string.h>
#ifdef _WIN32
#include <winsock2.h>
#include <windows.h>
#include <wincrypt.h>
#endif /* defined(_WIN32) */
#include "common/util.h"
DISABLE_GCC_WARNING(redundant-decls)
#include <openssl/err.h>
#include <openssl/crypto.h>
ENABLE_GCC_WARNING(redundant-decls)
#include "lib/log/torlog.h"
/**
* Destroy the <b>sz</b> bytes of data stored at <b>mem</b>, setting them to
* the value <b>byte</b>.
* If <b>mem</b> is NULL or <b>sz</b> is zero, nothing happens.
*
* This function is preferable to memset, since many compilers will happily
* optimize out memset() when they can convince themselves that the data being
* cleared will never be read.
*
* Right now, our convention is to use this function when we are wiping data
* that's about to become inaccessible, such as stack buffers that are about
* to go out of scope or structures that are about to get freed. (In
* practice, it appears that the compilers we're currently using will optimize
* out the memset()s for stack-allocated buffers, but not those for
* about-to-be-freed structures. That could change, though, so we're being
* wary.) If there are live reads for the data, then you can just use
* memset().
*/
void
memwipe(void *mem, uint8_t byte, size_t sz)
{
if (sz == 0) {
return;
}
/* If sz is nonzero, then mem must not be NULL. */
tor_assert(mem != NULL);
/* Data this large is likely to be an underflow. */
tor_assert(sz < SIZE_T_CEILING);
/* Because whole-program-optimization exists, we may not be able to just
* have this function call "memset". A smart compiler could inline it, then
* eliminate dead memsets, and declare itself to be clever. */
#if defined(SecureZeroMemory) || defined(HAVE_SECUREZEROMEMORY)
/* Here's what you do on windows. */
SecureZeroMemory(mem,sz);
#elif defined(HAVE_RTLSECUREZEROMEMORY)
RtlSecureZeroMemory(mem,sz);
#elif defined(HAVE_EXPLICIT_BZERO)
/* The BSDs provide this. */
explicit_bzero(mem, sz);
#elif defined(HAVE_MEMSET_S)
/* This is in the C99 standard. */
memset_s(mem, sz, 0, sz);
#else
/* This is a slow and ugly function from OpenSSL that fills 'mem' with junk
* based on the pointer value, then uses that junk to update a global
* variable. It's an elaborate ruse to trick the compiler into not
* optimizing out the "wipe this memory" code. Read it if you like zany
* programming tricks! In later versions of Tor, we should look for better
* not-optimized-out memory wiping stuff...
*
* ...or maybe not. In practice, there are pure-asm implementations of
* OPENSSL_cleanse() on most platforms, which ought to do the job.
**/
OPENSSL_cleanse(mem, sz);
#endif /* defined(SecureZeroMemory) || defined(HAVE_SECUREZEROMEMORY) || ... */
/* Just in case some caller of memwipe() is relying on getting a buffer
* filled with a particular value, fill the buffer.
*
* If this function gets inlined, this memset might get eliminated, but
* that's okay: We only care about this particular memset in the case where
* the caller should have been using memset(), and the memset() wouldn't get
* eliminated. In other words, this is here so that we won't break anything
* if somebody accidentally calls memwipe() instead of memset().
**/
memset(mem, byte, sz);
}
/** Log all pending crypto errors at level <b>severity</b>. Use
* <b>doing</b> to describe our current activities.
*/
void
crypto_log_errors(int severity, const char *doing)
{
unsigned long err;
const char *msg, *lib, *func;
while ((err = ERR_get_error()) != 0) {
msg = (const char*)ERR_reason_error_string(err);
lib = (const char*)ERR_lib_error_string(err);
func = (const char*)ERR_func_error_string(err);
if (!msg) msg = "(null)";
if (!lib) lib = "(null)";
if (!func) func = "(null)";
if (BUG(!doing)) doing = "(null)";
tor_log(severity, LD_CRYPTO, "crypto error while %s: %s (in %s:%s)",
doing, msg, lib, func);
}
}
#endif /* !defined(CRYPTO_UTIL_PRIVATE) */
|
