diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2007-09-10 12:16:24 +0000 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2007-09-10 12:16:24 +0000 |
| commit | bb3d6c3dbecd32c977a9bde387290ae5aa1cee91 (patch) | |
| tree | 1de53641adbd08b05214c13c232c07174e9f010b /src | |
| parent | e7d9fa7f983d9ff45e0d3dd9701d519ea997b27e (diff) | |
| download | strongswan-bb3d6c3dbecd32c977a9bde387290ae5aa1cee91.tar.bz2 strongswan-bb3d6c3dbecd32c977a9bde387290ae5aa1cee91.tar.xz | |
the new function chunk_free_randomized() overwrites the contents of a chunk with pseudo-random bytes before freeing it
Diffstat (limited to 'src')
| -rw-r--r-- | src/libstrongswan/chunk.c | 22 | ||||
| -rw-r--r-- | src/libstrongswan/chunk.h | 5 |
2 files changed, 27 insertions, 0 deletions
diff --git a/src/libstrongswan/chunk.c b/src/libstrongswan/chunk.c index d70e1723f..9134b5af9 100644 --- a/src/libstrongswan/chunk.c +++ b/src/libstrongswan/chunk.c @@ -28,6 +28,7 @@ #include <debug.h> #include <printf_hook.h> +#include <utils/randomizer.h> /** * Empty chunk. @@ -260,6 +261,27 @@ void chunk_free(chunk_t *chunk) /** * Described in header. */ +void chunk_free_randomized(chunk_t *chunk) +{ + if (chunk->ptr) + { + if (chunk->len > 0) + { + randomizer_t *randomizer = randomizer_create(); + + randomizer->get_pseudo_random_bytes(randomizer, + chunk->len, chunk->ptr); + randomizer->destroy(randomizer); + }; + free(chunk->ptr); + chunk->ptr = NULL; + } + chunk->len = 0; +} + +/** + * Described in header. + */ chunk_t chunk_skip(chunk_t chunk, size_t bytes) { if (chunk.len > bytes) diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h index a13ccfc22..70dc2ce44 100644 --- a/src/libstrongswan/chunk.h +++ b/src/libstrongswan/chunk.h @@ -89,6 +89,11 @@ bool chunk_write(chunk_t chunk, const char *path, const char *label, mode_t mask void chunk_free(chunk_t *chunk); /** + * Overwrite the contents of a chunk with pseudo-random bytes and free them + */ +void chunk_free_randomized(chunk_t *chunk); + +/** * Initialize a chunk to point to buffer inspectable by sizeof() */ #define chunk_from_buf(str) { str, sizeof(str) } |