Use OPENSSL_cleanse() to set memory to zero, else use srtp_cleanse()
This is regarding issue #157
After discussing this internally I was pointed towards this portable
"secure" memset-like function and implemented srtp_cleanse() based on
it. octet_string_set_to_zero() now delegates to OPENSSL_cleanse() if
available, if not it will delegate to srtp_cleanse().
The reason for the quoutation marks is that it is AFAIK not possible
to find a portable and guaranteed way to zero a range of addresses in
all possible situations because the language is not designed for this.
As an example we can have a scope with an object with automatic storage
duration:
int main()
{
{
int foo = 42;
printf("%d", foo);
srtp_cleanse(&foo, sizeof foo);
}
}
Some compilers (I tested gcc 6.2.0 and clang 3.8 with -O3 -std=c11 -S)
will not optimize this away, but that is not a guarantee from the
language, it is just how the compiler behaves in this specific case.
Since there is no guarantee from the language we cannot assume this
behaviour from all compilers, across all platforms in all cases.
The srtp_cleanse() function was the end result for another Cisco
library [1] and some info can be found in [2]. [3] provides a discussion
about OPENSSL_cleanse() which also touches on the problem in general and
mentions Microsoft's SecureZeroMemory() and memset_s() as well.
[1] https://github.com/cisco/libfnr/blob/master/src/fnr.c
[2] https://cryptocoding.net/index.php/Coding_rules#Clean_memory_of_secret_data
[3] http://stackoverflow.com/questions/26433772/why-does-openssl-cleanse-look-so-complex-and-thread-unsafe
10 files changed