[PATCH v2 07/27] util: Introduce virsecureerase module

Peter Krempa pkrempa at redhat.com
Tue Feb 2 16:55:44 UTC 2021


The module will provide functions for disposing secrets stored in
memory.

Note that for now it's implemented using a plain memset, which is not really
secure: the compiler may treat the store as dead and optimize it away when the
buffer is freed or goes out of scope immediately afterwards.

Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
 src/libvirt_private.syms  |  4 ++++
 src/util/meson.build      |  1 +
 src/util/virsecureerase.c | 44 +++++++++++++++++++++++++++++++++++++++
 src/util/virsecureerase.h | 25 ++++++++++++++++++++++
 4 files changed, 74 insertions(+)
 create mode 100644 src/util/virsecureerase.c
 create mode 100644 src/util/virsecureerase.h

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 8138780237..fa0c0887e9 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -3175,6 +3175,10 @@ virSecretLookupFormatSecret;
 virSecretLookupParseSecret;


+# util/virsecureerase.h
+virSecureErase;
+
+
 # util/virsocket.h
 virSocketRecvFD;
 virSocketSendFD;
diff --git a/src/util/meson.build b/src/util/meson.build
index c077c5cc99..e89d32c33d 100644
--- a/src/util/meson.build
+++ b/src/util/meson.build
@@ -86,6 +86,7 @@ util_sources = [
   'virscsivhost.c',
   'virseclabel.c',
   'virsecret.c',
+  'virsecureerase.c',
   'virsocket.c',
   'virsocketaddr.c',
   'virstoragefile.c',
diff --git a/src/util/virsecureerase.c b/src/util/virsecureerase.c
new file mode 100644
index 0000000000..1dc3bb476a
--- /dev/null
+++ b/src/util/virsecureerase.c
@@ -0,0 +1,44 @@
+/*
+ * virsecureerase.c: Secure clearing of memory
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <config.h>
+
+#include "virsecureerase.h"
+
+/**
+ * virSecureErase:
+ * @ptr: pointer to memory to clear
+ * @size: size of memory to clear
+ *
+ * Clear @size bytes of memory at @ptr.
+ *
+ * Note that for now this is implemented using memset which is not secure as
+ * it can be optimized out.
+ *
+ * Also note that there are possible leftover direct uses of memset.
+ */
+void
+virSecureErase(void *ptr,
+               size_t size)
+{
+    if (!ptr || size == 0)
+        return;
+
+    memset(ptr, 0, size);
+}
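Review bot: The memset on the last line of virSecureErase is exactly the store the compiler may eliminate as dead once the buffer is freed or goes out of scope right after the call, so the new function currently gives callers no stronger guarantee than the direct memset calls it is meant to replace; the commit message acknowledges this but the patch does not prevent it. A small fix that keeps the interface is to follow the memset with a compiler barrier, `memset(ptr, 0, size);` then `__asm__ __volatile__ ("" : : "r" (ptr) : "memory");`, which forces the zeroed memory to be considered observable (GCC/Clang syntax — presumably both are the supported toolchains here, worth confirming), and better still is to probe for explicit_bzero in meson and call it when available with the barrier variant as the fallback. The file also uses memset without an `#include <string.h>` of its own — internal.h may pull it in transitively, but an explicit include would make the unit self-contained. The doc comment should additionally state what callers can rely on, e.g. `* Callers must still ensure no other copy of the secret exists (e.g. from a prior realloc or by-value copy).`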
diff --git a/src/util/virsecureerase.h b/src/util/virsecureerase.h
new file mode 100644
index 0000000000..66d7e28e8a
--- /dev/null
+++ b/src/util/virsecureerase.h
@@ -0,0 +1,25 @@
+/*
+ * virsecureerase.h: Secure clearing of memory
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#pragma once
+
+#include "internal.h"
+
+void
+virSecureErase(void *ptr, size_t size);
-- 
2.29.2



