From 43696418af7fd917afab9429d5349674142f3294 Mon Sep 17 00:00:00 2001 From: Peter Krempa Date: Tue, 2 Feb 2021 15:27:22 +0100 Subject: [PATCH] util: Introduce virsecureerase module MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The module will provide functions for disposing secrets stored in memory. Note that for now it's implemented using memset, which is not really secure. Signed-off-by: Peter Krempa Reviewed-by: Daniel P. Berrangé --- src/libvirt_private.syms | 4 ++++ src/util/meson.build | 1 + src/util/virsecureerase.c | 44 +++++++++++++++++++++++++++++++++++++++ src/util/virsecureerase.h | 25 ++++++++++++++++++++++ 4 files changed, 74 insertions(+) create mode 100644 src/util/virsecureerase.c create mode 100644 src/util/virsecureerase.h diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 8138780237..fa0c0887e9 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -3175,6 +3175,10 @@ virSecretLookupFormatSecret; virSecretLookupParseSecret; +# util/virsecureerase.h +virSecureErase; + + # util/virsocket.h virSocketRecvFD; virSocketSendFD; diff --git a/src/util/meson.build b/src/util/meson.build index c077c5cc99..e89d32c33d 100644 --- a/src/util/meson.build +++ b/src/util/meson.build @@ -86,6 +86,7 @@ util_sources = [ 'virscsivhost.c', 'virseclabel.c', 'virsecret.c', + 'virsecureerase.c', 'virsocket.c', 'virsocketaddr.c', 'virstoragefile.c', diff --git a/src/util/virsecureerase.c b/src/util/virsecureerase.c new file mode 100644 index 0000000000..1dc3bb476a --- /dev/null +++ b/src/util/virsecureerase.c 
@@ -0,0 +1,44 @@
+/*
+ * virsecureerase.c: Secure clearing of memory
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * .
+ *
+ */
+
+#include
+
+#include "virsecureerase.h"
+
+/**
+ * virSecureErase:
+ * @ptr: pointer to memory to clear
+ * @size: size of memory to clear
+ *
+ * Clear @size bytes of memory at @ptr.
+ *
+ * Note that for now this is implemented using memset which is not secure as
+ * it can be optimized out.
+ *
+ * Also note that there are possible leftover direct uses of memset.
+ */
+void
+virSecureErase(void *ptr,
+ size_t size)
+{
+ if (!ptr || size == 0)
+ return;
+
+ memset(ptr, 0, size);
+}
diff --git a/src/util/virsecureerase.h
new file mode 100644
index 0000000000..66d7e28e8a
--- /dev/null
+++ b/src/util/virsecureerase.h
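Review bot: The `memset(ptr, 0, size);` that ends virSecureErase is, from the compiler's point of view, a dead store whenever the caller frees or discards the buffer right afterwards, so it can be eliminated exactly as the doc comment in this hunk admits; since this helper is being introduced as the project-wide primitive for disposing secrets, the deferral deserves a cheap barrier rather than only a comment. On GCC/Clang the minimal fix is to follow the memset with `__asm__ __volatile__ ("" : : "r" (ptr) : "memory");`, which makes the compiler assume the zeroed bytes are observed; where the build can detect them, `explicit_bzero(ptr, size)` (glibc/BSD) or C11 Annex K `memset_s` are the library equivalents. Keeping the call in its own translation unit is not a substitute, because link-time optimization can inline it into the caller and then drop the store. Until one of these lands, the function comment should also state plainly that the wipe is best-effort so that no caller relies on it alone for key material.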
@@ -0,0 +1,25 @@
+/*
+ * virsecureerase.h: Secure clearing of memory
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * .
+ *
+ */
+
+#pragma once
+
+#include "internal.h"
+
+void
+virSecureErase(void *ptr, size_t size);
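Review bot: The prototype `virSecureErase(void *ptr, size_t size);` is all that callers see, and it carries no contract: nothing here says that a NULL @ptr or a zero @size is a no-op, nor that the clearing is currently best-effort (a plain memset that the compiler may optimize away, per the implementation side of this commit). A one-line comment above the declaration would stop callers from treating it as a guaranteed wipe, e.g. `/* Clear @size bytes at @ptr; NULL or size 0 is a no-op. Best-effort: currently a plain memset, see virsecureerase.c. */`.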