Skip to content

Commit

Permalink
crypto: Use OPENSSL_cleanse to shred the data.
Browse files Browse the repository at this point in the history
memset() is not useful here, it's efficiently a noop.

PR-URL: #2575
Reviewed-By: Fedor Indutny <[email protected]>
  • Loading branch information
ChALkeR authored and rvagg committed Aug 28, 2015
1 parent 5e65181 commit e955f9a
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -4721,8 +4721,8 @@ void EIO_PBKDF2(PBKDF2Request* req) {
req->digest(),
req->keylen(),
reinterpret_cast<unsigned char*>(req->key())));
memset(req->pass(), 0, req->passlen());
memset(req->salt(), 0, req->saltlen());
OPENSSL_cleanse(req->pass(), req->passlen());
OPENSSL_cleanse(req->salt(), req->saltlen());
}


Expand All @@ -4736,7 +4736,7 @@ void EIO_PBKDF2After(PBKDF2Request* req, Local<Value> argv[2]) {
if (req->error()) {
argv[0] = Undefined(req->env()->isolate());
argv[1] = Encode(req->env()->isolate(), req->key(), req->keylen(), BUFFER);
memset(req->key(), 0, req->keylen());
OPENSSL_cleanse(req->key(), req->keylen());
} else {
argv[0] = Exception::Error(req->env()->pbkdf2_error_string());
argv[1] = Undefined(req->env()->isolate());
Expand Down

0 comments on commit e955f9a

Please sign in to comment.