mirror of
https://github.com/keepassxreboot/keepassxc.git
synced 2024-12-27 00:09:53 -05:00
13eb1c0bbd
To reduce residual fragments of secret data in memory after deallocation, this patch replaces the global delete operator with a version that zeros out previously allocated memory. It makes use of the new C++14 sized deallocation, but provides an unsized fallback with platform-specific size deductions. This change is only a minor mitigation and cannot protect against buffer reallocations by the operating system or non-C++ libraries. Thus, we still cannot guarantee all memory to be wiped after free. As a further improvement, this patch uses libgcrypt and libsodium to write long-lived master key component hashes into a secure memory area and wipe it afterwards. The patch also fixes compiler flags not being set properly on macOS. |
||
|---|---|---|
| .. | ||
| drivers | ||
| ChallengeResponseKey.h | ||
| CompositeKey.cpp | ||
| CompositeKey.h | ||
| FileKey.cpp | ||
| FileKey.h | ||
| Key.h | ||
| PasswordKey.cpp | ||
| PasswordKey.h | ||
| YkChallengeResponseKey.cpp | ||
| YkChallengeResponseKey.h | ||