This repository has been archived by the owner on Mar 6, 2020. It is now read-only.
Securely zero key material before freeing memory #10
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It is a good security practice to wipe sensitive data from memory as soon as it no longer needed. Obviously, the data has to be in memory for some time but we should not keep it around for more than absolutely necessary. The data in a memory region is not erased when the memory is freed so we have to make sure it's gone ourselves.
Initially I was overconfident and tried writing my own zeroing. Don't do this, kids. There's a whole load of issues that need to be resolved in order to securely zero out a memory region. You can read the implementation details in the source code of "zeroize" or elsewhere.
Therefore we use a dedicated library for the task. It makes sure that the compiler does not optimize away the code that tries its best to write zeros into the main memory (not the caches). Currently zeroize does not use these fancy functions like
memset_s()
,explicit_bzero()
,RtlSecureZeroMemory()
, etc. but it might it the future.There's also a test to verify that the memory is indeed zeroed out. By definition, the test contains some technically unsafe code, but it's unlikely to crash or misbehave.
@Lagovas was concerned about this feature in cossacklabs/themis#340. These changes will be included in the next bulk PR into the main Themis repository (along with other stuff).