Implement and use secure memset to clear sensitive buffers.
Ordinary memset can be optimized away, leaking sensitive data to other
processes.
Change-Id: If4b51e342ef1f21d7e5fa8907bb0534b17bf295b
diff --git a/key_blob.cpp b/key_blob.cpp
index 451ecae..101d158 100644
--- a/key_blob.cpp
+++ b/key_blob.cpp
@@ -136,7 +136,7 @@
if (ae_err == AE_INVALID) {
// Authentication failed! Decryption probably succeeded(ish), but we don't want to return
// any data when the authentication fails, so clear it.
- memset(key_material_.get(), 0, key_material_length());
+ memset_s(key_material_.get(), 0, key_material_length());
error_ = KM_ERROR_INVALID_KEY_BLOB;
return;
} else if (ae_err < 0) {
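Review bot: The new `memset_s(key_material_.get(), 0, key_material_length())` call uses memset's three-argument shape, but the C11 Annex K function of the same name has the four-argument signature `errno_t memset_s(void *s, rsize_t smax, int c, rsize_t n)`, so on any toolchain that exposes Annex K (or a project header that later pulls it in) this call no longer compiles or its `0`/length arguments land in the wrong positions; the same applies to the `memset_s(ctx.get(), 0, ae_ctx_sizeof())` call in the hunk at -192. Since the commit title says the project implements its own secure memset, it would be safer to give that helper a name that does not collide with the standard one, e.g. `secure_memset(key_material_.get(), 0, key_material_length());`, and to document on its declaration that it must not be dead-store-eliminated. The helper's definition is not in this chunk, so whether it actually resists that optimization (volatile pointer writes or a compiler barrier) cannot be confirmed from here and is worth checking in the same review. Both calls sit in functions whose bodies start outside their hunks.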
@@ -192,7 +192,7 @@
AE_SUCCESS)
return ctx.release();
else {
- memset(ctx.get(), 0, ae_ctx_sizeof());
+ memset_s(ctx.get(), 0, ae_ctx_sizeof());
return NULL;
}
}