VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2016-10-08 09:12:20 (GMT)
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2016-10-17 16:17:49 (GMT)
commit012c9134d4f6e29c2e13e56490e47a8547d41af7 (patch)
tree2175a5b43db90c323793b35627639bfa3268a8ae
parentc97186ae96d4835841b02d377a9002d078a6f83b (diff)
downloadVeraCrypt-DCS-012c9134d4f6e29c2e13e56490e47a8547d41af7.zip
VeraCrypt-DCS-012c9134d4f6e29c2e13e56490e47a8547d41af7.tar.gz
define and use own version of secure memory erase macro instead of the one coming from VeraCrypt.
-rw-r--r--DcsCfg/DcsCfgCrypt.c6
-rw-r--r--DcsInt/DcsInt.c16
-rw-r--r--Include/Library/CommonLib.h1
-rw-r--r--Library/DcsCfgLib/GptEdit.c4
-rw-r--r--Library/PasswordLib/ConsolePassword.c2
-rw-r--r--Library/PasswordLib/PicturePassword.c4
6 files changed, 17 insertions, 16 deletions
diff --git a/DcsCfg/DcsCfgCrypt.c b/DcsCfg/DcsCfgCrypt.c
index 4b700b6..7295756 100644
--- a/DcsCfg/DcsCfgCrypt.c
+++ b/DcsCfg/DcsCfgCrypt.c
@@ -168,7 +168,7 @@ ChangePassword(
}
VCAskPwd(AskPwdConfirm, &confirmPassword);
if (gAuthPwdCode == AskPwdRetCancel) {
- burn(&newPassword, sizeof(newPassword));
+ MEM_BURN(&newPassword, sizeof(newPassword));
return EFI_NOT_READY;
}
if (newPassword.Length == confirmPassword.Length) {
@@ -200,8 +200,8 @@ ChangePassword(
FALSE);
- burn(&newPassword, sizeof(newPassword));
- burn(&confirmPassword, sizeof(confirmPassword));
+ MEM_BURN(&newPassword, sizeof(newPassword));
+ MEM_BURN(&confirmPassword, sizeof(confirmPassword));
if (vcres != 0) {
ERR_PRINT(L"header create error(%x)\n", vcres);
diff --git a/DcsInt/DcsInt.c b/DcsInt/DcsInt.c
index b2fa76c..5d91936 100644
--- a/DcsInt/DcsInt.c
+++ b/DcsInt/DcsInt.c
@@ -156,8 +156,8 @@ PrepareBootParams(
SetSecRegionParamsMemory();
// Clean auth data
- burn(&gAuthPassword, sizeof(gAuthPassword));
- burn(&gAuthPim, sizeof(gAuthPim));
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
+ MEM_BURN(&gAuthPim, sizeof(gAuthPim));
return EFI_SUCCESS;
}
@@ -536,7 +536,7 @@ SecRegionChangePwd() {
}
VCAskPwd(AskPwdConfirm, &confirmPassword);
if (gAuthPwdCode == AskPwdRetCancel) {
- burn(&newPassword, sizeof(newPassword));
+ MEM_BURN(&newPassword, sizeof(newPassword));
return EFI_NOT_READY;
}
if (newPassword.Length == confirmPassword.Length) {
@@ -591,8 +591,8 @@ SecRegionChangePwd() {
ERR_PRINT(L"Update (%r)\n", Status);
ret:
- burn(&newPassword, sizeof(newPassword));
- burn(&confirmPassword, sizeof(confirmPassword));
+ MEM_BURN(&newPassword, sizeof(newPassword));
+ MEM_BURN(&confirmPassword, sizeof(confirmPassword));
return Status;
}
@@ -922,15 +922,15 @@ VirtualNotifyEvent(
{
// Clean all sensible info and keys before transfer to OS
if (SecRegionCryptInfo != NULL) {
- burn(SecRegionCryptInfo, sizeof(*SecRegionCryptInfo));
+ MEM_BURN(SecRegionCryptInfo, sizeof(*SecRegionCryptInfo));
}
if (gRnd != NULL) {
- burn(gRnd, sizeof(*gRnd));
+ MEM_BURN(gRnd, sizeof(*gRnd));
}
if (SecRegionData != NULL) {
- burn(SecRegionData, SecRegionSize);
+ MEM_BURN(SecRegionData, SecRegionSize);
}
}
diff --git a/Include/Library/CommonLib.h b/Include/Library/CommonLib.h
index 395d4c4..4f28e9b 100644
--- a/Include/Library/CommonLib.h
+++ b/Include/Library/CommonLib.h
@@ -32,6 +32,7 @@ https://opensource.org/licenses/LGPL-3.0
#define MEM_ALLOC MemAlloc
#define MEM_FREE MemFree
#define MEM_REALLOC MemRealloc
+#define MEM_BURN(ptr,count) do { volatile char *burnPtr = (volatile char *)(ptr); size_t burnCount = (size_t) count; while (burnCount--) *burnPtr++ = 0; } while (0)
VOID*
MemAlloc(
diff --git a/Library/DcsCfgLib/GptEdit.c b/Library/DcsCfgLib/GptEdit.c
index a33d3ca..ea016f1 100644
--- a/Library/DcsCfgLib/GptEdit.c
+++ b/Library/DcsCfgLib/GptEdit.c
@@ -903,8 +903,8 @@ DeListPwdCacheEdit()
DePwdCache->CRC = 0;
res =gBS->CalculateCrc32(DePwdCache, 512, &crc);
DePwdCache->CRC = crc;
- burn (&pwd, sizeof(pwd));
- burn (&pim, sizeof(pim));
+ MEM_BURN (&pwd, sizeof(pwd));
+ MEM_BURN (&pim, sizeof(pim));
return res;
}
diff --git a/Library/PasswordLib/ConsolePassword.c b/Library/PasswordLib/ConsolePassword.c
index 1b8c48a..fc03d24 100644
--- a/Library/PasswordLib/ConsolePassword.c
+++ b/Library/PasswordLib/ConsolePassword.c
@@ -116,7 +116,7 @@ AskConsolePwdInt(
} while (key.UnicodeChar != CHAR_CARRIAGE_RETURN);
if (length != NULL) *length = count;
- burn (&key, sizeof (key));
+ MEM_BURN (&key, sizeof (key));
// Set end of line
if (asciiLine != NULL) {
asciiLine[count] = '\0';
diff --git a/Library/PasswordLib/PicturePassword.c b/Library/PasswordLib/PicturePassword.c
index 886ffcd..053a4ad 100644
--- a/Library/PasswordLib/PicturePassword.c
+++ b/Library/PasswordLib/PicturePassword.c
@@ -628,8 +628,8 @@ AskPictPwdInt(
pwdAction = PwdActNone;
} while (TRUE);
- burn (&key, sizeof (key));
- burn (&pwdNewChar, sizeof (pwdNewChar));
+ MEM_BURN (&key, sizeof (key));
+ MEM_BURN (&pwdNewChar, sizeof (pwdNewChar));
gBS->CloseEvent(InputEvents[1]);
gBS->CloseEvent(UpdateEvent);
gBS->CloseEvent(BeepOffEvent);