tls: Securely clear memory from private key material #460

Merged
merged 2 commits into from
Jul 27, 2022
3 changes: 2 additions & 1 deletion include/re_mem.h
Expand Up @@ -26,7 +26,7 @@ void *mem_zalloc(size_t size, mem_destroy_h *dh);
void *mem_realloc(void *data, size_t size);
void *mem_reallocarray(void *ptr, size_t nmemb,
size_t membsize, mem_destroy_h *dh);
void mem_destructor(void *data, mem_destroy_h *dh);
void mem_destructor(void *data, mem_destroy_h *dh);
void *mem_ref(void *data);
void *mem_deref(void *data);
uint32_t mem_nrefs(const void *data);
Expand All @@ -40,3 +40,4 @@ int mem_get_stat(struct memstat *mstat);

/* Secure memory functions */
int mem_seccmp(const uint8_t *s1, const uint8_t *s2, size_t n);
void mem_secclean(void *data, size_t size);
38 changes: 37 additions & 1 deletion src/mem/secure.c
Expand Up @@ -4,9 +4,15 @@
* Copyright (C) 2010 Creytiv.com
*/

#include <string.h>
#include <re_types.h>
#include <re_mem.h>

#if !defined(__GNUC__) && defined(WIN32)
#if !defined(WIN32_LEAN_AND_MEAN)
#define WIN32_LEAN_AND_MEAN
#endif
#include <windows.h>
#endif /* !defined(__GNUC__) && defined(WIN32) */

/**
* Compare two byte strings in constant time. This function can be used
Expand Down Expand Up @@ -35,3 +41,33 @@ int mem_seccmp(const uint8_t *s1, const uint8_t *s2, size_t n)

return val;
}


#if !defined(__GNUC__) && !defined(WIN32)
/* Use a volatile pointer to memset to force the compiler always
* call it and not optimize away. */
typedef void *(memset_t)(void *, int, size_t);
static memset_t *const volatile memset_ptr = &memset;
#endif

/**
* Securely clean memory. This function is guaranteed not to get optimized
* away by compiler.
*
* @param data Pointer to data buffer
* @param size Size of the buffer
*/
void mem_secclean(void *data, size_t size)
{
#if defined(__GNUC__)
memset(data, 0, size);
/* Insert an asm statement that may potentially depend
* on the memory contents that were affected by memset.
* This prevents optimizing away the memset. */
__asm__ __volatile__("" : : "r" (data), "r" (size) : "memory");
#elif defined(WIN32)
SecureZeroMemory(data, size);
#else
(*memset_ptr)(data, 0, size);
#endif
}
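Review bot: The header comment on mem_secclean says the clear is "guaranteed not to get optimized away", but that holds for the GNUC path (memset followed by the empty asm with the "memory" clobber) and the WIN32 SecureZeroMemory path only; the fallback that calls memset through `memset_ptr` depends on the compiler honoring a volatile-qualified function pointer, which is best effort, so the comment should say so, e.g. `* On toolchains without GCC-style asm or SecureZeroMemory this falls back to a volatile function pointer and is best effort.` None of the three branches rejects a NULL `data`, and passing a null pointer to memset is undefined even when `size` is 0, so a guard `if (!data || !size) return;` at the top of the body would make the helper safe to call unconditionally from cleanup paths. Where the platform provides `explicit_bzero` or C11 Annex K `memset_s`, preferring them over the volatile-pointer fallback would give that branch the same guarantee as the other two, though that is a follow-up rather than a defect in this hunk.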
2 changes: 2 additions & 0 deletions src/tls/openssl/tls.c
Expand Up @@ -1195,6 +1195,8 @@ int tls_srtp_keyinfo(const struct tls_conn *tc, enum srtp_suite *suite,
memcpy(cli_key + key_size, p, salt_size); p += salt_size;
memcpy(srv_key + key_size, p, salt_size);

mem_secclean(keymat, sizeof(keymat));

return 0;
#else
(void)tc;
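Review bot: `mem_secclean(keymat, sizeof(keymat))` runs only on the success path that ends in `return 0`; tls_srtp_keyinfo starts outside the hunk, so it is not visible here whether any earlier error return after `keymat` has been filled bypasses the clear, and if one does those exits should run the same clear, for instance through a shared exit label that calls `mem_secclean` before returning. `sizeof(keymat)` is the buffer length only if `keymat` is declared as an array in this scope; if it were a pointer the call would clear just `sizeof(void *)` bytes, which the declaration outside the hunk should confirm. The copies into `cli_key` and `srv_key` on the lines above are the function's outputs, so their lifetime and clearing remain the caller's responsibility, which the function's doc comment could state explicitly.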