diff options
| author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2016-10-08 11:12:20 +0200 |
|---|---|---|
| committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2016-10-17 18:17:49 +0200 |
| commit | 012c9134d4f6e29c2e13e56490e47a8547d41af7 (patch) | |
| tree | 2175a5b43db90c323793b35627639bfa3268a8ae | |
| parent | c97186ae96d4835841b02d377a9002d078a6f83b (diff) | |
| download | VeraCrypt-DCS-012c9134d4f6e29c2e13e56490e47a8547d41af7.tar.gz VeraCrypt-DCS-012c9134d4f6e29c2e13e56490e47a8547d41af7.zip | |
define and use own version of secure memory erase macro instead of the one coming from VeraCrypt.
| -rw-r--r-- | DcsCfg/DcsCfgCrypt.c | 6 | ||||
| -rw-r--r-- | DcsInt/DcsInt.c | 16 | ||||
| -rw-r--r-- | Include/Library/CommonLib.h | 1 | ||||
| -rw-r--r-- | Library/DcsCfgLib/GptEdit.c | 4 | ||||
| -rw-r--r-- | Library/PasswordLib/ConsolePassword.c | 2 | ||||
| -rw-r--r-- | Library/PasswordLib/PicturePassword.c | 4 |
6 files changed, 17 insertions, 16 deletions
diff --git a/DcsCfg/DcsCfgCrypt.c b/DcsCfg/DcsCfgCrypt.c index 4b700b6..7295756 100644 --- a/DcsCfg/DcsCfgCrypt.c +++ b/DcsCfg/DcsCfgCrypt.c @@ -168,7 +168,7 @@ ChangePassword( }
VCAskPwd(AskPwdConfirm, &confirmPassword);
if (gAuthPwdCode == AskPwdRetCancel) {
- burn(&newPassword, sizeof(newPassword));
+ MEM_BURN(&newPassword, sizeof(newPassword));
return EFI_NOT_READY;
}
if (newPassword.Length == confirmPassword.Length) {
@@ -200,8 +200,8 @@ ChangePassword( FALSE);
- burn(&newPassword, sizeof(newPassword));
- burn(&confirmPassword, sizeof(confirmPassword));
+ MEM_BURN(&newPassword, sizeof(newPassword));
+ MEM_BURN(&confirmPassword, sizeof(confirmPassword));
if (vcres != 0) {
ERR_PRINT(L"header create error(%x)\n", vcres);
diff --git a/DcsInt/DcsInt.c b/DcsInt/DcsInt.c index b2fa76c..5d91936 100644 --- a/DcsInt/DcsInt.c +++ b/DcsInt/DcsInt.c @@ -156,8 +156,8 @@ PrepareBootParams( SetSecRegionParamsMemory();
// Clean auth data
- burn(&gAuthPassword, sizeof(gAuthPassword));
- burn(&gAuthPim, sizeof(gAuthPim));
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
+ MEM_BURN(&gAuthPim, sizeof(gAuthPim));
return EFI_SUCCESS;
}
@@ -536,7 +536,7 @@ SecRegionChangePwd() { }
VCAskPwd(AskPwdConfirm, &confirmPassword);
if (gAuthPwdCode == AskPwdRetCancel) {
- burn(&newPassword, sizeof(newPassword));
+ MEM_BURN(&newPassword, sizeof(newPassword));
return EFI_NOT_READY;
}
if (newPassword.Length == confirmPassword.Length) {
@@ -591,8 +591,8 @@ SecRegionChangePwd() { ERR_PRINT(L"Update (%r)\n", Status);
ret: - burn(&newPassword, sizeof(newPassword)); - burn(&confirmPassword, sizeof(confirmPassword)); + MEM_BURN(&newPassword, sizeof(newPassword));
+ MEM_BURN(&confirmPassword, sizeof(confirmPassword));
return Status;
}
@@ -922,15 +922,15 @@ VirtualNotifyEvent( {
// Clean all sensible info and keys before transfer to OS
if (SecRegionCryptInfo != NULL) {
- burn(SecRegionCryptInfo, sizeof(*SecRegionCryptInfo));
+ MEM_BURN(SecRegionCryptInfo, sizeof(*SecRegionCryptInfo));
}
if (gRnd != NULL) {
- burn(gRnd, sizeof(*gRnd));
+ MEM_BURN(gRnd, sizeof(*gRnd));
}
if (SecRegionData != NULL) {
- burn(SecRegionData, SecRegionSize);
+ MEM_BURN(SecRegionData, SecRegionSize);
}
}
diff --git a/Include/Library/CommonLib.h b/Include/Library/CommonLib.h index 395d4c4..4f28e9b 100644 --- a/Include/Library/CommonLib.h +++ b/Include/Library/CommonLib.h @@ -32,6 +32,7 @@ https://opensource.org/licenses/LGPL-3.0 #define MEM_ALLOC MemAlloc
#define MEM_FREE MemFree
#define MEM_REALLOC MemRealloc
+#define MEM_BURN(ptr,count) do { volatile char *burnPtr = (volatile char *)(ptr); size_t burnCount = (size_t) count; while (burnCount--) *burnPtr++ = 0; } while (0)
VOID*
MemAlloc(
diff --git a/Library/DcsCfgLib/GptEdit.c b/Library/DcsCfgLib/GptEdit.c index a33d3ca..ea016f1 100644 --- a/Library/DcsCfgLib/GptEdit.c +++ b/Library/DcsCfgLib/GptEdit.c @@ -903,8 +903,8 @@ DeListPwdCacheEdit() DePwdCache->CRC = 0;
res =gBS->CalculateCrc32(DePwdCache, 512, &crc);
DePwdCache->CRC = crc;
- burn (&pwd, sizeof(pwd));
- burn (&pim, sizeof(pim));
+ MEM_BURN (&pwd, sizeof(pwd));
+ MEM_BURN (&pim, sizeof(pim));
return res;
}
diff --git a/Library/PasswordLib/ConsolePassword.c b/Library/PasswordLib/ConsolePassword.c index 1b8c48a..fc03d24 100644 --- a/Library/PasswordLib/ConsolePassword.c +++ b/Library/PasswordLib/ConsolePassword.c @@ -116,7 +116,7 @@ AskConsolePwdInt( } while (key.UnicodeChar != CHAR_CARRIAGE_RETURN);
if (length != NULL) *length = count;
- burn (&key, sizeof (key));
+ MEM_BURN (&key, sizeof (key));
// Set end of line
if (asciiLine != NULL) {
asciiLine[count] = '\0';
diff --git a/Library/PasswordLib/PicturePassword.c b/Library/PasswordLib/PicturePassword.c index 886ffcd..053a4ad 100644 --- a/Library/PasswordLib/PicturePassword.c +++ b/Library/PasswordLib/PicturePassword.c @@ -628,8 +628,8 @@ AskPictPwdInt( pwdAction = PwdActNone;
} while (TRUE);
- burn (&key, sizeof (key));
- burn (&pwdNewChar, sizeof (pwdNewChar));
+ MEM_BURN (&key, sizeof (key));
+ MEM_BURN (&pwdNewChar, sizeof (pwdNewChar));
gBS->CloseEvent(InputEvents[1]);
gBS->CloseEvent(UpdateEvent);
gBS->CloseEvent(BeepOffEvent);
|