Linux/MacOSX: Erase sensitive memory explicitly instead of relying on the compiler not optimizing calls to method Memory::Erase

2024-11-10 13:13:34 +01:00 · 2020-06-28 00:59:57 +02:00 · 2020-06-28 00:59:57 +02:00 · 885cc1d01d
commit 885cc1d01d
parent fded83d25c
7 changed files with 5 additions and 15 deletions
--- a/src/Common/SecurityToken.cpp
+++ b/src/Common/SecurityToken.cpp
@ -32,10 +32,6 @@

 #include "SecurityToken.h"

-#ifndef burn
-#	define burn Memory::Erase
-#endif
-
 using namespace std;

 namespace VeraCrypt
--- a/src/Core/Unix/CoreService.cpp
+++ b/src/Core/Unix/CoreService.cpp
@ -460,7 +460,7 @@ namespace VeraCrypt

 		if (write (inPipe->GetWriteFD(), &adminPassword.front(), adminPassword.size())) { } // Errors ignored

-		Memory::Erase (&adminPassword.front(), adminPassword.size());
+		burn (&adminPassword.front(), adminPassword.size());

 		throw_sys_if (fcntl (outPipe->GetReadFD(), F_SETFL, O_NONBLOCK) == -1);
 		throw_sys_if (fcntl (errPipe.GetReadFD(), F_SETFL, O_NONBLOCK) == -1);
--- a/src/Platform/Buffer.cpp
+++ b/src/Platform/Buffer.cpp
@ -77,7 +77,7 @@ namespace VeraCrypt
 	void Buffer::Erase ()
 	{
 		if (DataSize > 0)
-			Memory::Erase (DataPtr, DataSize);
+			burn (DataPtr, DataSize);
 	}

 	void Buffer::Free ()
--- a/src/Platform/Memory.cpp
+++ b/src/Platform/Memory.cpp
@ -10,7 +10,6 @@
 code distribution packages.
 */

-#include "Common/Tcdefs.h"
 #include "Memory.h"
 #include "Exception.h"
 #include <stdlib.h>
@ -62,11 +61,6 @@ namespace VeraCrypt
 		memcpy (memoryDestination, memorySource, size);
 	}

-	void Memory::Erase (void *memory, size_t size)
-	{
-		burn (memory, size);
-	}
-
 	void Memory::Zero (void *memory, size_t size)
 	{
 		memset (memory, 0, size);
--- a/src/Platform/Memory.h
+++ b/src/Platform/Memory.h
@ -16,6 +16,7 @@
 #include <new>
 #include <memory.h>
 #include "PlatformBase.h"
+#include "Common/Tcdefs.h"

 #ifdef TC_WINDOWS

@ -76,7 +77,6 @@ namespace VeraCrypt
 		static void *AllocateAligned (size_t size, size_t alignment);
 		static int Compare (const void *memory1, size_t size1, const void *memory2, size_t size2);
 		static void Copy (void *memoryDestination, const void *memorySource, size_t size);
-		static void Erase (void *memory, size_t size);
 		static void Free (void *memory);
 		static void FreeAligned (void *memory);
 		static void Zero (void *memory, size_t size);
--- a/src/Platform/StringConverter.cpp
+++ b/src/Platform/StringConverter.cpp
@ -233,7 +233,7 @@ namespace VeraCrypt

 			str.clear();
 			str.insert (0, &buf.front(), size);
-			Memory::Erase (&buf.front(), buf.size());
+			burn (&buf.front(), buf.size());
 		}
 		catch (...)
 		{
--- a/src/Volume/Keyfile.cpp
+++ b/src/Volume/Keyfile.cpp
@ -57,7 +57,7 @@ namespace VeraCrypt
 					break;
 			}

-			Memory::Erase (&keyfileData.front(), keyfileData.size());
+			burn (&keyfileData.front(), keyfileData.size());
 			goto done;
 		}