[strongSwan-dev] Memwipe of loaded secrets through VICI
jean-francois.hren at stormshield.eu
Fri Oct 1 14:25:53 CEST 2021
Thank you for your help again.
It looks good to me.
From: "Tobias Brunner" <tobias at strongswan.org>
To: "jean-francois hren" <jean-francois.hren at stormshield.eu>
Cc: "dev" <dev at lists.strongswan.org>
Sent: Friday, 1 October 2021 13:55:46
Subject: Re: [strongSwan-dev] Memwipe of loaded secrets through VICI
> For the mmap, I'm not an expert and I use strongSwan under FreeBSD, so I'm
> not sure the behavior is the same.
Yeah, don't know either.
> However since decrypted private key blobs are written in the mmap chunk,
As far as I can tell, that's not the case. The first thing the pem
plugin does is cloning the chunk (pem_builder_t:load_from_blob()). But
if the key is not encrypted and mmap() is not available, there will
definitely be another copy of the key in memory that we have to clean.
> In src/swanctl/commands/load_creds.c:load_containers(), a call to
> chunk_unmap_clear() should be done too, maybe?
While it's possible to create PKCS#12 containers without encryption, I
don't think that's very common in practice. But sure, we can add it
just to be safe.
> The static buffer returned by getpass() calls in swanctl should be wiped
> too after use.
Thanks, I've pushed another commit that changes that for all getpass()
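The point discussed in this thread, that a cloned secret leaves the source buffer (a getpass() static buffer or a loaded file chunk) as a second copy to clean, shown as an added example that is not part of the original message and is not strongSwan code. `wipe()`, `prompt_secret()`, `residue()` and `load_secret()` are hypothetical names; `prompt_secret()` stands in for getpass() with a constructed passphrase so it runs without a terminal.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Wipe through a volatile pointer so the compiler cannot drop the stores
 * as dead writes to memory that is freed or never read again. */
static void wipe(void *ptr, size_t len)
{
    volatile unsigned char *p = ptr;
    while (len--) *p++ = 0;
}

/* Hypothetical stand-in for getpass(): like the real call it returns a
 * pointer to a static buffer that stays filled after the caller is done. */
static char *prompt_secret(void)
{
    static char buf[128];
    strcpy(buf, "constructed-passphrase");  /* constructed sample value */
    return buf;
}

/* Count the non-zero bytes left in a buffer. */
static size_t residue(const unsigned char *p, size_t len)
{
    size_t n = 0;
    while (len--) n += (*p++ != 0);
    return n;
}

/* Clone the secret as a parser would, then wipe and free the clone.
 * Returns how many secret bytes remain in the source buffer afterwards. */
size_t load_secret(int wipe_source)
{
    char *src = prompt_secret();
    size_t len = strlen(src);
    char *clone = malloc(len + 1);
    if (!clone) return (size_t)-1;
    memcpy(clone, src, len + 1);            /* second copy of the secret */
    wipe(clone, len);                       /* cleaning the clone ... */
    free(clone);
    if (wipe_source) wipe(src, len);        /* ... does not clean the source */
    return residue((const unsigned char *)src, len);
}

int main(void)
{
    size_t only_clone = load_secret(0), both = load_secret(1);
    printf("left after clone wipe: %zu, after both: %zu\n", only_clone, both);
}
```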