From b17ea48c568f9b8e86700cc28c21710be308ebae Mon Sep 17 00:00:00 2001
From: Guillaume Roguez <guillaume.roguez@savoirfairelinux.com>
Date: Thu, 13 Jul 2017 01:25:10 -0400
Subject: [PATCH] security: introduce secure memory wipe function

Add secure memory wipe functions, C and C++ callable.
Can be used to erase sensitive information from memory.
Note: use SecureZeroMemory() on Win32.

Change-Id: If5e4f44b500af8aa44e4bc52636be4e577243258
---
 src/security/Makefile.am |  4 +++-
 src/security/memory.cpp  | 49 ++++++++++++++++++++++++++++++++++++++++
 src/security/memory.h    | 46 +++++++++++++++++++++++++++++++++++++
 3 files changed, 98 insertions(+), 1 deletion(-)
 create mode 100644 src/security/memory.cpp
 create mode 100644 src/security/memory.h

diff --git a/src/security/Makefile.am b/src/security/Makefile.am
index 87ae2f1826..382d357323 100644
--- a/src/security/Makefile.am
+++ b/src/security/Makefile.am
@@ -9,4 +9,6 @@ libsecurity_la_SOURCES = \
 		tlsvalidator.cpp \
 		tlsvalidator.h \
 		certstore.cpp \
-		certstore.h
+		certstore.h \
+		memory.cpp \
+		memory.h
diff --git a/src/security/memory.cpp b/src/security/memory.cpp
new file mode 100644
index 0000000000..ba79d9d4d6
--- /dev/null
+++ b/src/security/memory.cpp
@@ -0,0 +1,49 @@
+/*
+ *  Copyright (C) 2017 Savoir-faire Linux Inc.
+ *
+ *  Author: Guillaume Roguez <guillaume.roguez@savoirfairelinux.com>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301 USA.
+ */
+
+#include "memory.h"
+
+#ifdef _WIN32
+#include <windows.h>
+#include <wincrypt.h>
+#endif
+
+#include <algorithm>
+
+namespace ring { namespace secure {
+
+void
+memzero(void* ptr, std::size_t length)
+{
+#ifdef _WIN32
+    SecureZeroMemory(ptr, length);
+#else
+    volatile auto* p = static_cast<unsigned char*>(ptr);
+    std::fill_n(p, length, 0);
+#endif
+}
+
+}}
+
+extern "C" void
+ring_secure_memzero(void* ptr, size_t length)
+{
+    ring::secure::memzero(ptr, length);
+}
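Review bot: The portable branch at `volatile auto* p = static_cast<unsigned char*>(ptr);` relies solely on the volatile-qualified pointee to keep the zeroing stores from being dropped as dead writes, and nothing in the file records that intent; a comment such as `// volatile stores are observable behaviour, so the optimizer cannot elide the wipe as a dead store` would stop a later "cleanup" from removing the qualifier. Where the toolchain provides a dedicated primitive (`explicit_bzero` on glibc 2.25+ and the BSDs, `memset_s` where C11 Annex K is available) it would be preferable to dispatch to it ahead of the byte-at-a-time loop, but that needs a configure check this patch does not add, so I would keep it as a follow-up. The `#include <wincrypt.h>` appears unneeded for `SecureZeroMemory`, which comes with `<windows.h>`; dropping it avoids pulling the CryptoAPI headers into every translation unit that builds this file. Note also that a null `ptr` with a non-zero `length` is undefined behaviour here (`std::fill_n` dereferences it), so the contract that `ptr` must be valid for `length` bytes belongs in the header documentation.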
diff --git a/src/security/memory.h b/src/security/memory.h
new file mode 100644
index 0000000000..067166f4a8
--- /dev/null
+++ b/src/security/memory.h
@@ -0,0 +1,46 @@
+/*
+ *  Copyright (C) 2017 Savoir-faire Linux Inc.
+ *
+ *  Author: Guillaume Roguez <guillaume.roguez@savoirfairelinux.com>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301 USA.
+ */
+
+#pragma once
+
+#ifdef __cplusplus
+#include <cstddef>
+#else
+#include <stddef.h>
+#endif
+
+// C-callable versions of C++ APIs.
+#ifdef __cplusplus
+namespace { extern "C" {
+#endif
+
+void ring_secure_memzero(void* ptr, size_t length);
+
+#ifdef __cplusplus
+}; }
+
+namespace ring { namespace secure {
+
+/// Erase with \a size '0' the given memory starting at \a ptr pointer.
+void memzero(void* ptr, std::size_t length);
+
+}}
+
+#endif // __cplusplus
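Review bot: The C declaration at `namespace { extern "C" {` is wrapped in an unnamed namespace, which gives every including translation unit its own internal-linkage declaration of a function that memory.cpp defines at global scope with external C linkage; at best this is confusing, and I would not rely on every compiler treating the two as the same entity. The wrapper should be plain `extern "C" {` / `}`, and the `};` at the close is an empty declaration that pedantic builds warn about. The Doxygen line `/// Erase with \a size '0' the given memory starting at \a ptr pointer.` refers to a parameter `size` that does not exist; I would replace it with `/// Overwrite \a length bytes starting at \a ptr with zeros; \a ptr must be valid for \a length bytes (a zero \a length writes nothing).` The C-visible prototype uses unqualified `size_t` after including `<cstddef>`, which strictly only guarantees `std::size_t`; including `<stddef.h>` in both branches would make that declaration portable.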
-- 
GitLab