-rw-r--r--src/common/password.cpp7
-rw-r--r--src/crypto/chacha8.h5
2 files changed, 8 insertions, 4 deletions
diff --git a/src/common/password.cpp b/src/common/password.cpp
index 5d56464a5..01eaf62e1 100644
--- a/src/common/password.cpp
+++ b/src/common/password.cpp
@@ -46,6 +46,8 @@
#include "readline_buffer.h"
#endif
+#include "common/memwipe.h"
+
namespace
{
#if defined(_WIN32)
@@ -163,8 +165,9 @@ namespace
void clear(std::string& pass) noexcept
{
- //! TODO Call a memory wipe function that hopefully is not optimized out
- pass.replace(0, pass.capacity(), pass.capacity(), '\0');
+ // technically, the std::string documentation says the data should not be modified,
+ // but there seems to be no way to get a non const raw pointer to the data
+ memwipe((void*)pass.data(), pass.size());
pass.clear();
}
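Review bot: The new `memwipe` call in `clear()` covers only `pass.size()` bytes, whereas the line it replaces wrote over `pass.capacity()` bytes, so password characters left between size and capacity (for example after the string was shortened) would stay in the buffer. Growing the string to its capacity first keeps the full-buffer coverage and also removes the need for the const cast, since `&pass[0]` is a non-const pointer to the contiguous storage: `pass.resize(pass.capacity());` followed by `memwipe(&pass[0], pass.size());`. The resize stays within the existing allocation, so it should not reallocate inside this `noexcept` function. The added comment about there being no non-const raw pointer could then be dropped.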
diff --git a/src/crypto/chacha8.h b/src/crypto/chacha8.h
index 80557e9f5..1bf695731 100644
--- a/src/crypto/chacha8.h
+++ b/src/crypto/chacha8.h
@@ -39,6 +39,7 @@
#if defined(__cplusplus)
#include <memory.h>
+#include "common/memwipe.h"
#include "hash.h"
namespace crypto {
@@ -54,7 +55,7 @@ namespace crypto {
~chacha8_key()
{
- memset(data, 0, sizeof(data));
+ memwipe(data, sizeof(data));
}
};
@@ -75,7 +76,7 @@ namespace crypto {
char pwd_hash[HASH_SIZE];
crypto::cn_slow_hash(data, size, pwd_hash);
memcpy(&key, pwd_hash, sizeof(key));
- memset(pwd_hash, 0, sizeof(pwd_hash));
+ memwipe(pwd_hash, sizeof(pwd_hash));
}
inline void generate_chacha8_key(std::string password, chacha8_key& key) {
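Review bot: The `std::string password` overload on the last context line takes the password by value, so each call creates a heap copy of the secret that this commit's wiping does not reach when the parameter is destroyed. Its body is outside the hunk, so this is inferred from the signature alone. If the body only forwards `data()` and `size()`, taking `const std::string& password` would avoid the extra copy without changing callers.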