projects / tinc / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: efca416) | patch
Wipe (some) secrets from memory after use
authorKirill Isakov <bootctl@gmail.com>
Fri, 22 Apr 2022 12:33:52 +0000 (18:33 +0600)
committerGuus Sliepen <guus@tinc-vpn.org>
Fri, 22 Apr 2022 20:22:18 +0000 (22:22 +0200)
commitc44b08613508c993e7fd9f625e0b1b4775efffed
treea159738da3903a4aae2259f8ef67890f9d5fa1cctree | snapshot
parentefca41606d4083eade90047d57cb963eb3b7e731commit | diff
Wipe (some) secrets from memory after use

to lessen the amount of sensitive information ending up in swap, core
dumps, or in the hands of any remote attackers.

While there still remaings a lot interesting data in configuration trees,
connection_t structs, etc, this is considered a good practice nevertheless.

Some bedtime reading:

- http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html
- http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html
- https://github.com/jedisct1/libsodium/blob/be58b2e6664389d9c7993b55291402934b43b3ca/src/libsodium/sodium/utils.c#L78:L101
33 files changed:
src/chacha-poly1305/chacha-poly1305.c diff | blob | history
src/chacha-poly1305/chacha-poly1305.h diff | blob | history
src/conf.c diff | blob | history
src/ed25519/ecdh.c diff | blob | history
src/ed25519/ecdsa.c diff | blob | history
src/ed25519/ecdsagen.c diff | blob | history
src/edge.c diff | blob | history
src/gcrypt/cipher.c diff | blob | history
src/gcrypt/digest.c diff | blob | history
src/gcrypt/rsa.c diff | blob | history
src/gcrypt/rsagen.c diff | blob | history
src/have.h diff | blob | history
src/invitation.c diff | blob | history
src/keys.c diff | blob | history
src/meson.build diff | blob | history
src/net_setup.c diff | blob | history
src/node.c diff | blob | history
src/openssl/rsa.c diff | blob | history
src/protocol.c diff | blob | history
src/protocol_auth.c diff | blob | history
src/protocol_key.c diff | blob | history
src/script.c diff | blob | history
src/sptps.c diff | blob | history
src/sptps.h diff | blob | history
src/sptps_keypair.c diff | blob | history
src/sptps_test.c diff | blob | history
src/utils.c diff | blob | history
src/utils.h diff | blob | history
src/xalloc.h diff | blob | history
test/unit/meson.build diff | blob | history
test/unit/test_memzero_null.c [new file with mode: 0644] blob
test/unit/test_random_noinit.c diff | blob | history
test/unit/test_xalloc.c [new file with mode: 0644] blob
tinc, the VPN daemon