Hi,

On Mon, Nov 28, 2016 at 5:14 PM, Steffan Karger <stef...@karger.me> wrote:
> As described in trac #751, and shortly after reported by Zhaomo Yang, of
> the University of California, San Diego, we use memset() (often through
> the CLEAR() macro) to erase secrets after use. In some cases however, the
> compiler might optimize these calls away.
>
> This patch replaces these memset() calls on secrets by calls to a new
> secure_memzero() function, that will not be optimized away.
>
> Since we use CLEAR() a LOT of times, I'm not changing that to use
> secure_memzero() to prevent performance impact. I did annotate the macro
> to point people at secure_memzero().
>
> This patch also replaces some CLEAR() or memset() calls with a zero-
> initialization using "= { 0 }" if that has the same effect, because that
> better captures the intent of that code.
>
> Signed-off-by: Steffan Karger <steffan.kar...@fox-it.com>
> ---
> v2: replace more memset()/CLEAR() calls with secure_memzero()
>
>  src/openvpn/basic.h              |  2 +-
>  src/openvpn/buffer.c             |  8 ++++----
>  src/openvpn/buffer.h             | 43 ++++++++++++++++++++++++++++++++++++++++
>  src/openvpn/console_builtin.c    |  2 +-
>  src/openvpn/crypto.c             | 17 ++++++----------
>  src/openvpn/manage.c             |  2 +-
>  src/openvpn/misc.c               |  4 ++--
>  src/openvpn/options.c            |  6 +++---
>  src/openvpn/ssl.c                | 32 +++++++++++++++---------------
>  src/openvpn/ssl_verify.c         |  4 ++--
>  src/openvpn/ssl_verify_mbedtls.c |  4 +---
>  11 files changed, 80 insertions(+), 44 deletions(-)

Took a second look at v2: sizes of data structs/buffers correctly passed to
secure_memset and no new warnings with gcc -Wall :)

ACK.

Selva
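
The wiping problem from the quoted commit message and the size check from the review, as an added example that is not part of the original thread and is not OpenVPN's secure_memzero() implementation. It shows one common way to keep a wipe from being optimized away (stores through a volatile pointer); example_secure_memzero(), example_key_wipe(), struct example_key and the 0xA5 fill pattern are assumptions made up for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper, not OpenVPN's secure_memzero(): writing through a
 * volatile pointer keeps the compiler from discarding the stores as dead. */
static void example_secure_memzero(void *data, size_t len)
{
    volatile uint8_t *p = (volatile uint8_t *)data;
    while (len--) {
        *p++ = 0;
    }
}

/* Constructed stand-in for a structure that holds key material. */
struct example_key {
    uint8_t cipher[32];
    uint8_t hmac[32];
};

/* The length is sizeof(*k), the object; sizeof(k) is only the pointer size. */
static void example_key_wipe(struct example_key *k)
{
    example_secure_memzero(k, sizeof(*k));
}

static size_t count_nonzero(const void *data, size_t len)
{
    const uint8_t *p = (const uint8_t *)data;
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        n += (p[i] != 0);
    }
    return n;
}

/* Fill a key with a constructed pattern, wipe it, return leftover bytes. */
static size_t wipe_demo(void)
{
    struct example_key k;
    memset(&k, 0xA5, sizeof(k));
    example_key_wipe(&k);
    return count_nonzero(&k, sizeof(k));
}

int main(void)
{
    return wipe_demo() == 0 ? 0 : 1; /* exit status 0: nothing left behind */
}
```

A wipe that passes too small a length leaves the remainder of the secret in memory, which count_nonzero() makes visible.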