qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 2/6] crypto: clear out buffer after timing pbkdf

From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH 2/6] crypto: clear out buffer after timing pbkdf algorithm
Date: Thu, 8 Sep 2016 12:47:43 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 
On 09/08/2016 11:27 AM, Daniel P. Berrange wrote:
> The 'out' buffer will hold a key derived from master
> password, so it is best practice to clear this buffer
> when no longer required.
> 
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
>  crypto/pbkdf.c | 15 ++++++++++-----
>  1 file changed, 10 insertions(+), 5 deletions(-)

Reviewed-by: Eric Blake <address@hidden>

It still doesn't prevent the memory from being copied elsewhere (such as
the stack being paged out), unless we go to extraordinary lengths to
explicitly request volatile memory that can't be paged out.  I don't
know if we need to worry about that, though.  Do any of our crypto
libraries provide APIs for allocating local-use-only memory for
sensitive data?

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]