2 Commits

Author SHA1 Message Date
Jonathan White
2ee97ed191 Code formatting 2019-05-19 18:21:34 -04:00
Janek Bevendorff
13eb1c0bbd Improve resilience against memory attacks
To reduce residual fragments of secret data in memory after
deallocation, this patch replaces the global delete operator with a
version that zeros out previously allocated memory. It makes use of
the new C++14 sized deallocation, but provides an unsized fallback
with platform-specific size deductions.

This change is only a minor mitigation and cannot protect against
buffer reallocations by the operating system or non-C++ libraries.
Thus, we still cannot guarantee all memory to be wiped after free.

As a further improvement, this patch uses libgcrypt and libsodium
to write long-lived master key component hashes into a secure
memory area and wipe it afterwards.

The patch also fixes compiler flags not being set properly on macOS.
2019-04-21 09:39:28 -04:00