[strongSwan-dev] Memwipe of loaded secrets through VICI
Tobias Brunner
tobias at strongswan.org
Fri Oct 1 13:55:46 CEST 2021
Hi Jean-Francois,
> For the mmap, I'm not expert and I use Strongswan under FreeBSD so I'm
> not sure the behavior is the same.
Yeah, don't know either.
> However since decrypted private key blobs are written in the mmap chunk,
As far as I can tell, that's not the case. The first thing the pem
plugin does is cloning the chunk (pem_builder_t:load_from_blob()). But
if the key is not encrypted and mmap() is not available, there will
definitely be another copy of the key in memory that we have to clean.
> In src/swanctl/commands/load_creds.c:load_containers(), a call to
> chunk_unmap_clear() should be done too maybe ?
While it's possible to create PKCS#12 containers without encryption, I
don't think that's very common in practice. But sure, we can add it
just to be safe.
> The static buffer returned by getpass() calls in swanctl should be wiped
> too after use.
Thanks, I've pushed another commit that changes that for all getpass()
calls.
Regards,
Tobias
More information about the Dev
mailing list