Merge pull request #501 from paoloteti/memzero

[IMPROVED] crypto: effectively zeroize mem. content
nats-io · Jan 10, 2022 · 24729b2 · 24729b2
2 parents fccfc6c + ab43657
commit 24729b2
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 3 deletions.
diff --git a/src/crypto.c b/src/crypto.c
@@ -462,6 +462,28 @@ cryptoSign(unsigned char *sm,
   modL(sm + 32,x);
 }
 
+// secure_memzero() tries to effectively set to zero a given number
+// of bytes, even if optimizations are applied to the code.
+// Code derived from sodium_memzero()
+static void
+secure_memzero(void * const pnt, const size_t len)
+{
+#ifdef _WIN32
+    SecureZeroMemory(pnt, len);
+#elif defined(HAVE_EXPLICIT_BZERO)
+    explicit_bzero(pnt, len);
+#elif defined(HAVE_EXPLICIT_MEMSET)
+    explicit_memset(pnt, 0, len);
+#else
+    volatile unsigned char *volatile p =
+        (volatile unsigned char *volatile) pnt;
+    size_t i;
+    for (i = 0; i < len; i++) {
+        p[i] = 0;
+    }
+#endif
+}
+
 natsStatus
 natsCrypto_Init()
 {
@@ -483,16 +505,16 @@ natsCrypto_Sign(const unsigned char *seed,
     newKeyFromSeed(seed, sk);
     cryptoSign((unsigned char*) sm, input, inputLen, sk);
     memcpy(signature, sm, NATS_CRYPTO_SIGN_BYTES);
-    memset((void*) sm, 0, NATS_CRYPTO_SIGN_BYTES);
-    memset((void*) sk, 0, sizeof(sk));
+    secure_memzero((void*) sm, NATS_CRYPTO_SIGN_BYTES);
+    secure_memzero((void*) sk, sizeof(sk));
     NATS_FREE(sm);
     return NATS_OK;
 }
 
 void
 natsCrypto_Clear(void *mem, int memLen)
 {
-    memset(mem, 0, (size_t) memLen);
+    secure_memzero(mem, (size_t) memLen);
 }
 
 #endif
diff --git a/src/mem.h b/src/mem.h
@@ -27,5 +27,30 @@
 #endif
 #define NATS_FREE(p)        free((p))
 
+// GNU C Library version 2.25 or later.
+#if defined(__GLIBC__) && \
+    (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25))
+#define HAVE_EXPLICIT_BZERO 1
+#endif
+
+// Newlib
+#if defined(__NEWLIB__)
+#define HAVE_EXPLICIT_BZERO 1
+#endif
+
+// FreeBSD version 11.0 or later.
+#if defined(__FreeBSD__) && __FreeBSD_version >= 1100037
+#define HAVE_EXPLICIT_BZERO 1
+#endif
+
+// OpenBSD version 5.5 or later.
+#if defined(__OpenBSD__) && OpenBSD >= 201405
+#define HAVE_EXPLICIT_BZERO 1
+#endif
+
+// NetBSD version 7.2 or later.
+#if defined(__NetBSD__) && __NetBSD_Version__ >= 702000000
+#define HAVE_EXPLICIT_MEMSET 1
+#endif
 
 #endif /* MEM_H_ */