crypto_util.c 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106
  1. /* Copyright (c) 2001, Matej Pfajfar.
  2. * Copyright (c) 2001-2004, Roger Dingledine.
  3. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  4. * Copyright (c) 2007-2018, The Tor Project, Inc. */
  5. /* See LICENSE for licensing information */
  6. /**
  7. * \file crypto_util.c
  8. *
  9. * \brief Common cryptographic utilities.
  10. **/
  11. #define CRYPTO_UTIL_PRIVATE
  12. #include "lib/crypt_ops/crypto_util.h"
  13. #include "lib/cc/compat_compiler.h"
  14. #include <string.h>
  15. #ifdef _WIN32
  16. #include <winsock2.h>
  17. #include <windows.h>
  18. #include <wincrypt.h>
  19. #endif /* defined(_WIN32) */
  20. DISABLE_GCC_WARNING(redundant-decls)
  21. #include <openssl/err.h>
  22. #include <openssl/crypto.h>
  23. ENABLE_GCC_WARNING(redundant-decls)
  24. #include "lib/log/log.h"
  25. #include "lib/log/util_bug.h"
  26. /**
  27. * Destroy the <b>sz</b> bytes of data stored at <b>mem</b>, setting them to
  28. * the value <b>byte</b>.
  29. * If <b>mem</b> is NULL or <b>sz</b> is zero, nothing happens.
  30. *
  31. * This function is preferable to memset, since many compilers will happily
  32. * optimize out memset() when they can convince themselves that the data being
  33. * cleared will never be read.
  34. *
  35. * Right now, our convention is to use this function when we are wiping data
  36. * that's about to become inaccessible, such as stack buffers that are about
  37. * to go out of scope or structures that are about to get freed. (In
  38. * practice, it appears that the compilers we're currently using will optimize
  39. * out the memset()s for stack-allocated buffers, but not those for
  40. * about-to-be-freed structures. That could change, though, so we're being
  41. * wary.) If there are live reads for the data, then you can just use
  42. * memset().
  43. */
  44. void
  45. memwipe(void *mem, uint8_t byte, size_t sz)
  46. {
  47. if (sz == 0) {
  48. return;
  49. }
  50. /* If sz is nonzero, then mem must not be NULL. */
  51. tor_assert(mem != NULL);
  52. /* Data this large is likely to be an underflow. */
  53. tor_assert(sz < SIZE_T_CEILING);
  54. /* Because whole-program-optimization exists, we may not be able to just
  55. * have this function call "memset". A smart compiler could inline it, then
  56. * eliminate dead memsets, and declare itself to be clever. */
  57. #if defined(SecureZeroMemory) || defined(HAVE_SECUREZEROMEMORY)
  58. /* Here's what you do on windows. */
  59. SecureZeroMemory(mem,sz);
  60. #elif defined(HAVE_RTLSECUREZEROMEMORY)
  61. RtlSecureZeroMemory(mem,sz);
  62. #elif defined(HAVE_EXPLICIT_BZERO)
  63. /* The BSDs provide this. */
  64. explicit_bzero(mem, sz);
  65. #elif defined(HAVE_MEMSET_S)
  66. /* This is in the C99 standard. */
  67. memset_s(mem, sz, 0, sz);
  68. #else
  69. /* This is a slow and ugly function from OpenSSL that fills 'mem' with junk
  70. * based on the pointer value, then uses that junk to update a global
  71. * variable. It's an elaborate ruse to trick the compiler into not
  72. * optimizing out the "wipe this memory" code. Read it if you like zany
  73. * programming tricks! In later versions of Tor, we should look for better
  74. * not-optimized-out memory wiping stuff...
  75. *
  76. * ...or maybe not. In practice, there are pure-asm implementations of
  77. * OPENSSL_cleanse() on most platforms, which ought to do the job.
  78. **/
  79. OPENSSL_cleanse(mem, sz);
  80. #endif /* defined(SecureZeroMemory) || defined(HAVE_SECUREZEROMEMORY) || ... */
  81. /* Just in case some caller of memwipe() is relying on getting a buffer
  82. * filled with a particular value, fill the buffer.
  83. *
  84. * If this function gets inlined, this memset might get eliminated, but
  85. * that's okay: We only care about this particular memset in the case where
  86. * the caller should have been using memset(), and the memset() wouldn't get
  87. * eliminated. In other words, this is here so that we won't break anything
  88. * if somebody accidentally calls memwipe() instead of memset().
  89. **/
  90. memset(mem, byte, sz);
  91. }