4 changes: 4 additions & 0 deletions src/crypto/PKCS11Signer.cpp
@@ -73,6 +73,8 @@ class PKCS11Signer::Private
void *h {};
#endif

~Private() { OPENSSL_cleanse(pin.data(), pin.size()); }

CK_FUNCTION_LIST *f {};
struct SignSlot
{
@@ -335,6 +337,7 @@ X509Cert PKCS11Signer::selectSigningCertificate(const vector<X509Cert> &certific
*/
void PKCS11Signer::setPin(const string &pin)
{
OPENSSL_cleanse(d->pin.data(), d->pin.size());
d->pin = pin;
}

@@ -382,6 +385,7 @@ vector<unsigned char> PKCS11Signer::sign(const string &method, const vector<unsi
{
string _pin = pin(d->sign.certificate);
rv = d->f->C_Login(session.handle, CKU_USER, CK_BYTE_PTR(_pin.c_str()), CK_ULONG(_pin.size()));
OPENSSL_cleanse(_pin.data(), _pin.size());
}
switch(rv)
{
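Review bot: The wipes added to `~Private` and `setPin` clear only the signer's own buffer, while `setPin(const string &pin)` copies from a string the caller still holds, and nothing visible here tells the caller that its copy stays in memory. I would say so in the doc comment above `setPin` (it opens outside the hunk), for example `@note The stored copy is wiped on replacement and destruction; the caller must clear its own string.` In `sign()` the `_pin` local is cleansed right after `C_Login`, which is the right place, but any intermediate copy made inside `pin()` is not covered, so the same caveat belongs in that function's documentation. The calls also rely on the non-const `std::string::data()`, which needs C++17; presumably the build already sets that, worth confirming.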
4 changes: 4 additions & 0 deletions src/crypto/WinSigner.cpp
@@ -77,6 +77,8 @@ class WinSigner::Private
static BOOL WINAPI CertFilter(PCCERT_CONTEXT cert_context,
PBOOL is_initial_selected_cert, PVOID callback_data);

~Private() { SecureZeroMemory(pin.data(), pin.size()); }

X509Cert cert;
HCRYPTPROV_OR_NCRYPT_KEY_HANDLE key {};
DWORD spec {};
@@ -219,6 +221,7 @@ string WinSigner::method() const
*/
void WinSigner::setPin(const string &pin)
{
SecureZeroMemory(d->pin.data(), d->pin.size());
d->pin = pin;
}

@@ -273,6 +276,7 @@ vector<unsigned char> WinSigner::sign(const string &method, const vector<unsigne
{
wstring pin = util::File::encodeName(d->pin);
err = NCryptSetProperty(d->key, NCRYPT_PIN_PROPERTY, PBYTE(pin.c_str()), DWORD(pin.size()), 0);
SecureZeroMemory(pin.data(), pin.size() * sizeof(wchar_t));
if(err != ERROR_SUCCESS)
break;
}
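Review bot: In `sign()` the added `SecureZeroMemory` is given a byte count, `pin.size() * sizeof(wchar_t)`, but the `NCryptSetProperty` call on the line above passes `DWORD(pin.size())`, a character count, for a length that the API documents in bytes. That line is unchanged context, so this is not introduced here, but it is worth confirming and aligning, e.g. `DWORD(pin.size() * sizeof(wchar_t))`. The wide copy is wiped before the error check, so the `break` path is covered; buffers that `util::File::encodeName` may allocate during conversion are not visible on this page and would not be cleared by this line. The enclosing loop and function continue outside the hunk.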