gtksecurememory.c: Port secure memory allocation to Windows

Use the Windows API CryptProtectMemory() to encrypt the data that we want to
secure, and use CryptUnprotectMemory() to de-crypt the secured data that we
want to access, since mmap() and mlock() are not available on Windows.

diff --git a/gtk/gtksecurememory.c b/gtk/gtksecurememory.c
index 5e3978ec282a6baa46e52fcbafc7349022b5ed61..15ce9e0b857ef9cb54e66de584b8aa6f8584327f 100644 (file)
--- a/gtk/gtksecurememory.c
+++ b/gtk/gtksecurememory.c
@@ -84,6 +84,12 @@ typedef struct {
 
 #include <glib.h>
 
+#ifdef G_OS_WIN32
+# define WIN32_LEAN_AND_MEAN
+# include <windows.h>
+# include <dpapi.h> /* for CryptProtectMemory() */
+#endif
+
 #define GTK_SECURE_POOL_VER_STR             "1.0"
 
 static int show_warning = 1;
@@ -940,6 +946,33 @@ sec_acquire_pages (size_t *sz,
        show_warning = 1;
        return pages;
 
+#elif defined G_OS_WIN32
+       /* Make sure sz is a multiple of CRYPTPROTECTMEMORY_BLOCK_SIZE in wincrypt.h */
+       *sz = (*sz + CRYPTPROTECTMEMORY_BLOCK_SIZE - 1) & ~(CRYPTPROTECTMEMORY_BLOCK_SIZE - 1);
+
+       void *data = (void *) LocalAlloc (LPTR, *sz);
+
+       if (data == NULL) {
+               if (show_warning && gtk_secure_warnings)
+                       fprintf (stderr, "couldn't allocate %lu bytes of memory (%s): %#010X\n",
+                                (unsigned long)*sz, during_tag, GetLastError ());
+               show_warning = 0;
+               return NULL;
+       }
+
+       if (!CryptProtectMemory (data, *sz, CRYPTPROTECTMEMORY_SAME_PROCESS)) {
+               if (show_warning && gtk_secure_warnings)
+                       fprintf (stderr, "couldn't encrypt %lu bytes of memory (%s): %#010X\n",
+                                (unsigned long)*sz, during_tag, GetLastError ());
+               show_warning = 0;
+               return NULL;
+       }
+
+       DEBUG_ALLOC ("gtk-secure-memory: new block ", *sz);
+
+       show_warning = 1;
+       return data;
+       
 #else
        if (show_warning && gtk_secure_warnings)
                fprintf (stderr, "your system does not support private memory");
@@ -965,6 +998,16 @@ sec_release_pages (void *pages, size_t sz)
 
        DEBUG_ALLOC ("gtk-secure-memory: freed block ", sz);
 
+#elif defined G_OS_WIN32
+       g_assert (sz % CRYPTPROTECTMEMORY_BLOCK_SIZE == 0);
+
+       if (!CryptUnprotectMemory (pages, sz, CRYPTPROTECTMEMORY_SAME_PROCESS))
+               fprintf (stderr, "couldn't decrypt private memory: %#010X\n", GetLastError ());
+
+       if (LocalFree (pages) != NULL)
+               fprintf (stderr, "couldn't free private anonymous memory: %#010X\n", GetLastError ());
+
+       DEBUG_ALLOC ("gtk-secure-memory: freed block ", sz);
 #else
        g_assert (FALSE);
 #endif

diff --git a/gtk/meson.build b/gtk/meson.build
index eed4dd734b9dfea87d7296b962e6d035c43dd983..05813490411bcf8bf5018bb888446f7d534065e2 100644 (file)
--- a/gtk/meson.build
+++ b/gtk/meson.build
@@ -1000,6 +1000,7 @@ if win32_enabled
 
   gtk_deps += [cc.find_library('advapi32'),
                cc.find_library('comctl32'),
+               cc.find_library('crypt32'), # For CryptProtectMemory()
                cc.find_library('dwmapi'),
                cc.find_library('imm32'),
                cc.find_library('setupapi'),