[strongSwan-dev] Memwipe of loaded secrets through VICI

Jean-Francois HREN jean-francois.hren at stormshield.eu
Fri Oct 1 14:25:53 CEST 2021


Thank you for your help again.
It looks good to me. 
Thank you. 


From: "Tobias Brunner" <tobias at strongswan.org>
To: "jean-francois hren" <jean-francois.hren at stormshield.eu>
Cc: "dev" <dev at lists.strongswan.org>
Sent: Friday 1 October 2021 13:55:46
Subject: Re: [strongSwan-dev] Memwipe of loaded secrets through VICI

Hi Jean-Francois, 

> For the mmap, I'm not an expert and I use strongSwan under FreeBSD so I'm
> not sure the behavior is the same.

Yeah, don't know either. 

> However since decrypted private key blobs are written in the mmap chunk, 

As far as I can tell, that's not the case. The first thing the pem 
plugin does is cloning the chunk (pem_builder_t:load_from_blob()). But 
if the key is not encrypted and mmap() is not available, there will 
definitely be another copy of the key in memory that we have to clean. 

> In src/swanctl/commands/load_creds.c:load_containers(), a call to
> chunk_unmap_clear() should be done too, maybe?

While it's possible to create PKCS#12 containers without encryption, I 
don't think that's very common in practice. But sure, we can add it 
just to be safe. 

> The static buffer returned by getpass() calls in swanctl should be wiped 
> too after use. 

Thanks, I've pushed another commit that changes that for all getpass() 
calls. 

Regards, 
Tobias 
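
The getpass() point raised in this thread, as an added example that is not strongSwan's code and not taken from either message: the secret is copied out of the library-owned static buffer, which is then wiped, and the copy is wiped again before it is freed. `wipe()`, `secret_take()`, `secret_free()` and `fake_getpass()` are hypothetical names, and `fake_getpass()` is a constructed stand-in for getpass() so the code runs without a terminal.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: zero n bytes through a volatile pointer so the
 * compiler cannot discard the stores as dead writes. */
static void wipe(void *ptr, size_t n)
{
    volatile unsigned char *p = ptr;
    while (n--) *p++ = 0;
}

/* Constructed stand-in for the static buffer getpass() points into. */
static char fake_getpass_buf[128];
static char *fake_getpass(const char *typed)
{
    strncpy(fake_getpass_buf, typed, sizeof(fake_getpass_buf) - 1);
    fake_getpass_buf[sizeof(fake_getpass_buf) - 1] = '\0';
    return fake_getpass_buf;
}

/* Copy the secret out, then wipe the static buffer even if malloc failed. */
static char *secret_take(char *static_buf, size_t *len)
{
    size_t n = strlen(static_buf);
    char *copy = malloc(n + 1);
    if (copy) {
        memcpy(copy, static_buf, n + 1);
        *len = n;
    }
    wipe(static_buf, n);
    return copy;
}

/* Wipe the caller's copy before returning it to the allocator. */
static void secret_free(char *secret, size_t len)
{
    if (!secret) return;
    wipe(secret, len);
    free(secret);
}

int main(void)
{
    size_t len = 0;
    char *s = secret_take(fake_getpass("constructed-passphrase"), &len);
    secret_free(s, len); /* a real caller uses the secret before this */
    return fake_getpass_buf[0] != 0;
}
```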