From c97186ae96d4835841b02d377a9002d078a6f83b Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Mon, 26 Sep 2016 07:56:26 +0200 Subject: Ensure sensitive memory is correctly erased. --- DcsCfg/DcsCfgCrypt.c | 11 +++++++++++ DcsInt/DcsInt.c | 11 ++++++----- Library/DcsCfgLib/GptEdit.c | 2 ++ Library/PasswordLib/ConsolePassword.c | 1 + Library/PasswordLib/PicturePassword.c | 2 ++ Library/VeraCryptLib/DcsVeraCrypt.c | 1 + 6 files changed, 23 insertions(+), 5 deletions(-) diff --git a/DcsCfg/DcsCfgCrypt.c b/DcsCfg/DcsCfgCrypt.c index d031dcb..4b700b6 100644 --- a/DcsCfg/DcsCfgCrypt.c +++ b/DcsCfg/DcsCfgCrypt.c @@ -163,7 +163,14 @@ ChangePassword( ZeroMem(&newPassword, sizeof(newPassword)); ZeroMem(&confirmPassword, sizeof(newPassword)); VCAskPwd(AskPwdNew, &newPassword); + if (gAuthPwdCode == AskPwdRetCancel) { + return EFI_NOT_READY; + } VCAskPwd(AskPwdConfirm, &confirmPassword); + if (gAuthPwdCode == AskPwdRetCancel) { + burn(&newPassword, sizeof(newPassword)); + return EFI_NOT_READY; + } if (newPassword.Length == confirmPassword.Length) { if (CompareMem(newPassword.Text, confirmPassword.Text, confirmPassword.Length) == 0) { break; @@ -191,6 +198,10 @@ ChangePassword( cryptoInfo->HeaderFlags, cryptoInfo->SectorSize, FALSE); + + + burn(&newPassword, sizeof(newPassword)); + burn(&confirmPassword, sizeof(confirmPassword)); if (vcres != 0) { ERR_PRINT(L"header create error(%x)\n", vcres); diff --git a/DcsInt/DcsInt.c b/DcsInt/DcsInt.c index 46398c9..b2fa76c 100644 --- a/DcsInt/DcsInt.c +++ b/DcsInt/DcsInt.c @@ -156,8 +156,8 @@ PrepareBootParams( SetSecRegionParamsMemory(); // Clean auth data - ZeroMem(&gAuthPassword, sizeof(gAuthPassword)); - gAuthPim = 0; + burn(&gAuthPassword, sizeof(gAuthPassword)); + burn(&gAuthPim, sizeof(gAuthPim)); return EFI_SUCCESS; } 
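Review bot: Both cancel exits added to ChangePassword leave password material behind: the return after `VCAskPwd(AskPwdNew, &newPassword)` wipes nothing, and the one after `VCAskPwd(AskPwdConfirm, &confirmPassword)` burns `newPassword` but not `confirmPassword`, although either buffer may already hold typed characters when the prompt is cancelled. Each path should run `burn(&newPassword, sizeof(newPassword)); burn(&confirmPassword, sizeof(confirmPassword));` before `return EFI_NOT_READY;`. The `SecRegionChangePwd` hunk in DcsInt.c has the same gap, since it adds only the `newPassword` wipe. ChangePassword starts and ends outside this hunk, and its second hunk reads `cryptoInfo`, so it is worth checking that these early returns do not also skip the release of that structure.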
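Review bot: In PrepareBootParams the wipe of `gAuthPassword` and `gAuthPim` sits only in front of `return EFI_SUCCESS;`, so any earlier error return, which would be outside this hunk, leaves both globals populated. As far as the hunks show, the same tail-only placement appears in DeListPwdCacheEdit (GptEdit.c), AskPictPwdInt (PicturePassword.c) and ApplyKeyFile (DcsVeraCrypt.c), where the new `burn` calls cover the final exit only. Routing every exit through one cleanup label that performs the burns would make the wipe independent of the path taken. A comment such as `// Wipe on every exit path, not only on success` above that block would record the intent.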
@@ -536,6 +536,7 @@ SecRegionChangePwd() { } VCAskPwd(AskPwdConfirm, &confirmPassword); if (gAuthPwdCode == AskPwdRetCancel) { + burn(&newPassword, sizeof(newPassword)); return EFI_NOT_READY; } if (newPassword.Length == confirmPassword.Length) { @@ -921,15 +922,15 @@ VirtualNotifyEvent( { // Clean all sensible info and keys before transfer to OS if (SecRegionCryptInfo != NULL) { - ZeroMem(SecRegionCryptInfo, sizeof(*SecRegionCryptInfo)); + burn(SecRegionCryptInfo, sizeof(*SecRegionCryptInfo)); } if (gRnd != NULL) { - ZeroMem(gRnd, sizeof(*gRnd)); + burn(gRnd, sizeof(*gRnd)); } if (SecRegionData != NULL) { - ZeroMem(SecRegionData, SecRegionSize); + burn(SecRegionData, SecRegionSize); } } diff --git a/Library/DcsCfgLib/GptEdit.c b/Library/DcsCfgLib/GptEdit.c index f814975..a33d3ca 100644 --- a/Library/DcsCfgLib/GptEdit.c +++ b/Library/DcsCfgLib/GptEdit.c @@ -903,6 +903,8 @@ DeListPwdCacheEdit() DePwdCache->CRC = 0; res =gBS->CalculateCrc32(DePwdCache, 512, &crc); DePwdCache->CRC = crc; + burn (&pwd, sizeof(pwd)); + burn (&pim, sizeof(pim)); return res; } diff --git a/Library/PasswordLib/ConsolePassword.c b/Library/PasswordLib/ConsolePassword.c index c195b48..1b8c48a 100644 --- a/Library/PasswordLib/ConsolePassword.c +++ b/Library/PasswordLib/ConsolePassword.c @@ -116,6 +116,7 @@ AskConsolePwdInt( } while (key.UnicodeChar != CHAR_CARRIAGE_RETURN); if (length != NULL) *length = count; + burn (&key, sizeof (key)); // Set end of line if (asciiLine != NULL) { asciiLine[count] = '\0'; diff --git a/Library/PasswordLib/PicturePassword.c b/Library/PasswordLib/PicturePassword.c index 67ffcbe..886ffcd 100644 --- a/Library/PasswordLib/PicturePassword.c +++ b/Library/PasswordLib/PicturePassword.c @@ -628,6 +628,8 @@ AskPictPwdInt( pwdAction = PwdActNone; } while (TRUE); + burn (&key, sizeof (key)); + burn (&pwdNewChar, sizeof (pwdNewChar)); gBS->CloseEvent(InputEvents[1]); gBS->CloseEvent(UpdateEvent); gBS->CloseEvent(BeepOffEvent); 
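Review bot: VirtualNotifyEvent is commented as cleaning all sensitive info and keys before transfer to the OS, yet it burns only `SecRegionCryptInfo`, `gRnd` and `SecRegionData`; within this diff `gAuthPassword` and `gAuthPim` are wiped only at the end of PrepareBootParams. If that function is skipped or returns early, the password and PIM would presumably still be in memory at handoff. Adding `burn(&gAuthPassword, sizeof(gAuthPassword));` and `burn(&gAuthPim, sizeof(gAuthPim));` to this handler would make it the backstop its comment describes. The handler's signature and any code after the three checks are outside the hunk.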
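Review bot: The `burn (&key, sizeof (key));` added after the loop in AskConsolePwdInt clears very little, because the loop condition shows `key.UnicodeChar` is `CHAR_CARRIAGE_RETURN` once the loop ends, unless a `break` outside the hunk can leave it earlier. The typed characters sit in the line buffer that `asciiLine[count] = '\0'` terminates, and that buffer appears to be handed back to the caller. A comment here, for example `// key holds only the last keystroke; callers must burn the returned line buffer`, would keep a reader from assuming the password itself has been wiped. The function body starts and continues outside this hunk.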
diff --git a/Library/VeraCryptLib/DcsVeraCrypt.c b/Library/VeraCryptLib/DcsVeraCrypt.c index ba92931..1b6cd35 100644 --- a/Library/VeraCryptLib/DcsVeraCrypt.c +++ b/Library/VeraCryptLib/DcsVeraCrypt.c @@ -391,4 +391,5 @@ ApplyKeyFile( if (password->Length < (int)sizeof(keyPool)) password->Length = sizeof(keyPool); + burn (keyPool, sizeof(keyPool)); } \ No newline at end of file -- cgit v1.2.3