Changeset 5990


Timestamp:
May 15, 2019 2:43:01 AM (14 months ago)
Author:
nanang
Message:

Close #2179: Wipe out memory used for storing SSL keys before it is released.

Location:
pjproject/trunk/pjlib
Files:
4 edited

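--- a/pjproject/trunk/pjlib/include/pj/pool.h
+++ b/pjproject/trunk/pjlib/include/pj/pool.h
@@ -398,4 +398,13 @@
 
 /**
+ * Release the pool back to pool factory and set the pool pointer to zero.
+ * The memory pool content will be wiped out first before released.
+ *
+ * @param ppool     Pointer to memory pool.
+ */
+PJ_IDECL(void) pj_pool_secure_release( pj_pool_t **ppool );
+
+
+/**
  * Get pool object name.
  *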
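Review bot: The new doc comment for pj_pool_secure_release does not say whether a NULL `*ppool` is tolerated, which is exactly what callers on destroy paths need to know; the inline body in pool_i.h on this same changeset sets `*ppool` to NULL and returns early when the pool is NULL, so the header could state ` * It is safe to call this function when *ppool is NULL; nothing is done in that case.`. It would also help to say that only the pool's own memory blocks are zeroed, so sensitive data that was allocated elsewhere must still be wiped by the caller, as ssl_sock_imp_common.c does for the certificate buffers.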
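--- a/pjproject/trunk/pjlib/include/pj/pool_i.h
+++ b/pjproject/trunk/pjlib/include/pj/pool_i.h
@@ -101,2 +101,21 @@
         pj_pool_release(pool);
 }
+
+PJ_IDEF(void) pj_pool_secure_release( pj_pool_t **ppool )
+{
+    pj_pool_block *b;
+    pj_pool_t *pool = *ppool;
+    *ppool = NULL;
+
+    if (!pool)
+        return;
+
+    b = pool->block_list.next;
+    while (b != &pool->block_list) {
+        volatile unsigned char *p = b->buf;
+        while (p < b->end) *p++ = 0;
+        b = b->next;
+    }
+
+    pj_pool_release(pool);
+}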
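Review bot: The hand-rolled byte loop over `volatile unsigned char *p` carries no comment saying why it is not a `memset()`, and a future maintainer will be tempted to "simplify" it into one, at which point the compiler may drop the stores as dead writes before the block is handed back to the factory; add above the loop `/* Zero through a volatile pointer so the compiler cannot elide the stores as dead writes before the block is released. */`. The same remark applies to wipe_buf() in ssl_sock_imp_common.c on this changeset. It may also be worth noting in the same comment that the loop clears the whole block from `buf` to `end`, including capacity that was never handed out, while the pj_pool_t and pj_pool_block headers themselves are left intact because the list walk and the factory still need them.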
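--- a/pjproject/trunk/pjlib/src/pj/ssl_sock_imp_common.c
+++ b/pjproject/trunk/pjlib/src/pj/ssl_sock_imp_common.c
@@ -597,4 +597,25 @@
 }
 
+
+static void wipe_buf(pj_str_t *buf)
+{
+    volatile char *p = buf->ptr;
+    pj_ssize_t len = buf->slen;
+    while (len--) *p++ = 0;
+    buf->slen = 0;
+}
+
+static void wipe_cert_buffer(pj_ssl_cert_t *cert)
+{
+    wipe_buf(&cert->CA_file);
+    wipe_buf(&cert->CA_path);
+    wipe_buf(&cert->cert_file);
+    wipe_buf(&cert->privkey_file);
+    wipe_buf(&cert->privkey_pass);
+    wipe_buf(&cert->CA_buf);
+    wipe_buf(&cert->cert_buf);
+    wipe_buf(&cert->privkey_buf);
+}
+
 static void ssl_on_destroy(void *arg)
 {
@@ -614,5 +635,13 @@
     }
 
-    pj_pool_safe_release(&ssock->pool);
+    /* Wipe out cert & key buffer, note that they may not be allocated
+     * using SSL socket memory pool.
+     */
+    if (ssock->cert) {
+        wipe_cert_buffer(ssock->cert);
+    }
+
+    /* Secure release pool, i.e: all memory blocks will be zeroed first */
+    pj_pool_secure_release(&ssock->pool);
 }
 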
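Review bot: In the first hunk, wipe_buf() loops with `while (len--)` on a signed `pj_ssize_t` taken straight from `buf->slen`, so a negative length (or a NULL `ptr` paired with a non-zero `slen`) would not stop the loop at zero and would write outside the buffer; since this runs on a destroy path for every socket, a cheap guard is worth having: `pj_ssize_t len = buf->ptr ? buf->slen : 0;` and `while (len-- > 0) *p++ = 0;`. Whether a negative slen can actually reach this function cannot be told from the hunk, so treat this as defensive hardening rather than a known fault. In the second hunk, ssl_on_destroy's body begins outside the hunk, so it is not visible whether `ssock->cert` can still be referenced after the pool is released; the wipe zeroes the strings but leaves `ptr` pointing at the (now empty) buffers, which is fine as long as nothing later treats a non-NULL `ptr` as "present".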
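--- a/pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
+++ b/pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
@@ -1052,4 +1052,12 @@
     }
 
+    /* Early sensitive data cleanup after OpenSSL context setup. However,
+     * this cannot be done for listener sockets, as the data will still
+     * be needed by accepted sockets.
+     */
+    if (cert && (!ssock->is_server || ssock->parent)) {
+        wipe_cert_buffer(cert);
+    }
+
     /* Create SSL instance */
     ossock->ossl_ctx = ctx;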
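Review bot: The `ssock->parent` branch of the new condition wipes `cert` for accepted sockets, yet the comment on the same lines says the listener's data is still needed by accepted sockets; if an accepted socket's `cert` is the listener's own pj_ssl_cert_t rather than a private copy, this call empties the buffers the listener will use on the next accept, and the hunk does not show where `cert` comes from. Please confirm at the point where the accepted socket's cert is assigned (outside this hunk) that it is a copy, and record the outcome here, e.g. `/* Accepted sockets hold their own copy of the listener's cert, so wiping it does not affect later accepts. */`. The enclosing function begins and ends outside the hunk; the later wipe in ssl_on_destroy is harmless after this one, since every slen is already 0.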