diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2021-07-15 00:19:57 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2021-07-15 00:21:17 +0200 |
commit | 2e32adf625b0f3ee1e5859163011e81d3f17a89b (patch) | |
tree | 2ca211699676aaa9fc3c1fcfcb01db911b9c3154 /src/Common | |
parent | fdf7888ab3675a267e06e2f3acceeedfa5b74f62 (diff) | |
download | VeraCrypt-2e32adf625b0f3ee1e5859163011e81d3f17a89b.tar.gz VeraCrypt-2e32adf625b0f3ee1e5859163011e81d3f17a89b.zip |
Windows: Avoid leaking sensitive values in work item of threads pool
Diffstat (limited to 'src/Common')
-rw-r--r-- | src/Common/EncryptionThreadPool.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/Common/EncryptionThreadPool.c b/src/Common/EncryptionThreadPool.c index 32782bdc..dce01733 100644 --- a/src/Common/EncryptionThreadPool.c +++ b/src/Common/EncryptionThreadPool.c @@ -275,6 +275,12 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg) TC_THROW_FATAL_EXCEPTION; } +#if !defined(DEVICE_DRIVER) + burn (workItem->KeyDerivation.Password, sizeof(workItem->KeyDerivation.Password)); + burn (workItem->KeyDerivation.Salt, sizeof(workItem->KeyDerivation.Salt)); + VirtualUnlock (&workItem->KeyDerivation, sizeof (workItem->KeyDerivation)); +#endif + InterlockedExchange (workItem->KeyDerivation.CompletionFlag, TRUE); TC_SET_EVENT (*workItem->KeyDerivation.CompletionEvent); @@ -510,6 +516,11 @@ void EncryptionThreadPoolStop () for (i = 0; i < sizeof (WorkItemQueue) / sizeof (WorkItemQueue[0]); ++i) { +#if !defined(DEVICE_DRIVER) + burn (WorkItemQueue[i].KeyDerivation.Password, sizeof(WorkItemQueue[i].KeyDerivation.Password)); + burn (WorkItemQueue[i].KeyDerivation.Salt, sizeof(WorkItemQueue[i].KeyDerivation.Salt)); + VirtualUnlock (&WorkItemQueue[i].KeyDerivation, sizeof (WorkItemQueue[i].KeyDerivation)); +#endif if (WorkItemQueue[i].ItemCompletedEvent) CloseHandle (WorkItemQueue[i].ItemCompletedEvent); } @@ -538,6 +549,9 @@ void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT } workItem->Type = DeriveKeyWork; +#if !defined(DEVICE_DRIVER) + VirtualLock (&workItem->KeyDerivation, sizeof (workItem->KeyDerivation)); +#endif workItem->KeyDerivation.CompletionEvent = completionEvent; workItem->KeyDerivation.CompletionFlag = completionFlag; workItem->KeyDerivation.DerivedKey = derivedKey; |