This project has moved. For the latest updates, please go here.

burn!

Topics: Feature Requests, Technical Issues
Dec 13, 2015 at 3:09 PM
Hi, was checking out veracrypt's source and saw your burn function, it is nice that you guys are using RTLSecureZeroMemory for windows, but have a custom made memset_s for non windows systems.

I am currently working on a patch for the "others", which would be faster than the custom cooked you guys have. E.g, explicit_bzero for freebsd, openbsd and memset_s for mac OSX and netbsd which is already in libc. There is also a patch in progress in linux for memset_s.

Would it be something that you guys could consider to add if i submit the patch?
I already have a patch in progress.

Thanks,
selven [ at ] hackers mu
Coordinator
Dec 13, 2015 at 3:23 PM
Hi,

Thank you for your proposal. Indeed such patch will be welcomed.
Once you have a working patch, you can create a pull request so it can be reviewed and merged.
Dec 15, 2015 at 3:54 PM
hi, for OSX I was testing/building, and realized that it can't be built without sdk 10.7, which kind of kills the the thrill :(, memset_s isn't yet defined in 10.7, but on end 2012 sdks it is recognized, are the fuse issues that you mentioned earlier something that occurs even with sdk 10.9 ?

Thanks,
Dec 16, 2015 at 3:12 PM
in the mean time, here's a few issues where burn would be preferable to a direct memset call which is optimized away (in case of passwords clearing and keys, its better to play safe and use burn that you already have).

https://sourceforge.net/p/veracrypt/code/merge-requests/3/
Coordinator
Dec 16, 2015 at 7:34 PM
Hi pirabarlen,

I have rejected the merge request above because the memset calls can not be optimized by the compiler: the buffers involved are used right after. A compiler will never remove these memset calls otherwise it will change the logic of the program. An optimization occur when the buffer in question is not used after. This is not the case here.

Concerning OSX, you can use any SDK as explained in Readme.txt that is present in the src folder: https://veracrypt.codeplex.com/SourceControl/latest#src/Readme.txt
Go to section "Mac OS X specifics:" and you'll find how to change the target SDK.

For your information, the official VeraCrypt OSX binary is build using 10.6 SDK for maximum compatibility.