A few little security things and code reformat.

2025-06-14 08:23:45 +02:00 · 2022-05-21 11:53:25 -04:00 · 2022-05-21 11:53:25 -04:00 · 9cc36aee0f
commit 9cc36aee0f
parent 0e44723c1d
3 changed files with 26 additions and 18 deletions
--- a/zerotier-core-crypto/src/salsa.rs
+++ b/zerotier-core-crypto/src/salsa.rs
@ -51,8 +51,24 @@ impl<const ROUNDS: usize> Salsa<ROUNDS> {
    }

    pub fn crypt(&mut self, mut plaintext: &[u8], mut ciphertext: &mut [u8]) {
-        let (j0, j1, j2, j3, j4, j5, j6, j7, mut j8, mut j9, j10, j11, j12, j13, j14, j15) =
-            (self.state[0], self.state[1], self.state[2], self.state[3], self.state[4], self.state[5], self.state[6], self.state[7], self.state[8], self.state[9], self.state[10], self.state[11], self.state[12], self.state[13], self.state[14], self.state[15]);
+        let (j0, j1, j2, j3, j4, j5, j6, j7, mut j8, mut j9, j10, j11, j12, j13, j14, j15) = (
+            self.state[0],
+            self.state[1],
+            self.state[2],
+            self.state[3],
+            self.state[4],
+            self.state[5],
+            self.state[6],
+            self.state[7],
+            self.state[8],
+            self.state[9],
+            self.state[10],
+            self.state[11],
+            self.state[12],
+            self.state[13],
+            self.state[14],
+            self.state[15],
+        );
        loop {
            let (mut x0, mut x1, mut x2, mut x3, mut x4, mut x5, mut x6, mut x7, mut x8, mut x9, mut x10, mut x11, mut x12, mut x13, mut x14, mut x15) = (j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15);

--- a/zerotier-core-crypto/src/secret.rs
+++ b/zerotier-core-crypto/src/secret.rs
@ -6,8 +6,12 @@
 * https://www.zerotier.com/
 */

+use std::ffi::c_void;
 use std::mem::MaybeUninit;
-use std::ptr::write_volatile;
+
+extern "C" {
+    fn OPENSSL_cleanse(ptr: *mut c_void, len: usize);
+}

 /// Container for secrets that clears them on drop.
 ///
@ -49,12 +53,10 @@ impl<const L: usize> Secret<L> {
 }

 impl<const L: usize> Drop for Secret<L> {
+    #[inline(always)]
    fn drop(&mut self) {
-        unsafe {
-            for i in 0..L {
-                write_volatile(self.0.as_mut_ptr().add(i), 0_u8);
-            }
-        }
+        unsafe { OPENSSL_cleanse(self.0.as_mut_ptr().cast(), L) };
+        std::sync::atomic::fence(std::sync::atomic::Ordering::SeqCst);
    }
 }

--- a/zerotier-network-hypervisor/src/util/mod.rs
+++ b/zerotier-network-hypervisor/src/util/mod.rs
@ -23,16 +23,6 @@ pub(crate) fn byte_array_range<const A: usize, const START: usize, const LEN: us
    unsafe { &*a.as_ptr().add(START).cast::<[u8; LEN]>() }
 }

-/// Non-cryptographic 64-bit bit mixer for things like local hashing.
-#[inline(always)]
-pub(crate) fn hash64_noncrypt(mut x: u64) -> u64 {
-    x ^= x.wrapping_shr(30);
-    x = x.wrapping_mul(0xbf58476d1ce4e5b9);
-    x ^= x.wrapping_shr(27);
-    x = x.wrapping_mul(0x94d049bb133111eb);
-    x ^ x.wrapping_shr(31)
-}
-
 /// A super-minimal hasher for u64 keys for keys already fairly randomly distributed like addresses and network IDs.
 #[derive(Copy, Clone)]
 pub(crate) struct U64NoOpHasher(u64);