From 3ddc4814224cabe796b0451de067bf42a323972f Mon Sep 17 00:00:00 2001 From: Didactic Drunk <1479616+didactic-drunk@users.noreply.github.com> Date: Mon, 14 Jun 2021 01:32:27 -0700 Subject: [PATCH] Implement secure wipe --- src/crypto-secret/secret.cr | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/crypto-secret/secret.cr b/src/crypto-secret/secret.cr index 6d4614f..4d0d2af 100644 --- a/src/crypto-secret/secret.cr +++ b/src/crypto-secret/secret.cr @@ -1,5 +1,16 @@ require "crypto/subtle" +lib LibC + fun explicit_bzero(Void*, LibC::SizeT) : Int +end + +struct Slice(T) + def wipe + r = LibC.explicit_bzero slice.to_unsafe, slice.bytesize + raise RunTimeError.from_errno("explicit_bzero") if r != 0 + end +end + # Interface to hold sensitive information (often cryptographic keys) # # **Only for direct use by cryptographic library authors** @@ -54,7 +65,9 @@ module Crypto::Secret end def wipe - # Todo: implement wiping. Needs crystal support + readwrite do |slice| + slice.wipe + end end # Secret is wiped after exiting the block