Browse code
plugin: Export secure_memzero() to plug-ins
The provides plug-ins with a safe and secure way to santize sensitive
information such as passwords, by re-using the secure_memzero()
implementation in OpenVPN.
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <20170505184622.24520-1-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14546.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
David Sommerseth authored on 2017/05/06 03:46:22Showing 2 changed files
| ... | ... |
@@ -199,7 +199,8 @@ struct openvpn_plugin_string_list |
| 199 | 199 |
|
| 200 | 200 |
/* openvpn_plugin_{open,func}_v3() related structs */
|
| 201 | 201 |
|
| 202 |
-/* Defines version of the v3 plugin argument structs |
|
| 202 |
+/** |
|
| 203 |
+ * Defines version of the v3 plugin argument structs |
|
| 203 | 204 |
* |
| 204 | 205 |
* Whenever one or more of these structs are modified, this constant |
| 205 | 206 |
* must be updated. A changelog should be appended in this comment |
| ... | ... |
@@ -218,8 +219,10 @@ struct openvpn_plugin_string_list |
| 218 | 218 |
* 3 Added ovpn_version, ovpn_version_major, ovpn_version_minor |
| 219 | 219 |
* and ovpn_version_patch to provide the runtime version of |
| 220 | 220 |
* OpenVPN to plug-ins. |
| 221 |
+ * |
|
| 222 |
+ * 4 Exported secure_memzero() as plugin_secure_memzero() |
|
| 221 | 223 |
*/ |
| 222 |
-#define OPENVPN_PLUGINv3_STRUCTVER 3 |
|
| 224 |
+#define OPENVPN_PLUGINv3_STRUCTVER 4 |
|
| 223 | 225 |
|
| 224 | 226 |
/** |
| 225 | 227 |
* Definitions needed for the plug-in callback functions. |
| ... | ... |
@@ -255,10 +258,19 @@ typedef void (*plugin_vlog_t)(openvpn_plugin_log_flags_t flags, |
| 255 | 255 |
const char *plugin_name, |
| 256 | 256 |
const char *format, |
| 257 | 257 |
va_list arglist) _ovpn_chk_fmt (3, 0); |
| 258 |
- |
|
| 259 | 258 |
#undef _ovpn_chk_fmt |
| 260 | 259 |
|
| 261 | 260 |
/** |
| 261 |
+ * Export of secure_memzero() to be used inside plug-ins |
|
| 262 |
+ * |
|
| 263 |
+ * @param data Pointer to data to zeroise |
|
| 264 |
+ * @param len Length of data, in bytes |
|
| 265 |
+ * |
|
| 266 |
+ */ |
|
| 267 |
+typedef void (*plugin_secure_memzero_t)(void *data, size_t len); |
|
| 268 |
+ |
|
| 269 |
+ |
|
| 270 |
+/** |
|
| 262 | 271 |
* Used by the openvpn_plugin_open_v3() function to pass callback |
| 263 | 272 |
* function pointers to the plug-in. |
| 264 | 273 |
* |
| ... | ... |
@@ -267,11 +279,18 @@ typedef void (*plugin_vlog_t)(openvpn_plugin_log_flags_t flags, |
| 267 | 267 |
* Messages will only be displayed if the plugin_name parameter |
| 268 | 268 |
* is set. PLOG_DEBUG messages will only be displayed with plug-in |
| 269 | 269 |
* debug log verbosity (at the time of writing that's verb >= 7). |
| 270 |
+ * |
|
| 271 |
+ * plugin_secure_memzero |
|
| 272 |
+ * : Use this function to securely wipe sensitive information from |
|
| 273 |
+ * memory. This function is declared in a way that the compiler |
|
| 274 |
+ * will not remove these function calls during the compiler |
|
| 275 |
+ * optimization phase. |
|
| 270 | 276 |
*/ |
| 271 | 277 |
struct openvpn_plugin_callbacks |
| 272 | 278 |
{
|
| 273 | 279 |
plugin_log_t plugin_log; |
| 274 | 280 |
plugin_vlog_t plugin_vlog; |
| 281 |
+ plugin_secure_memzero_t plugin_secure_memzero; |
|
| 275 | 282 |
}; |
| 276 | 283 |
|
| 277 | 284 |
/** |
| ... | ... |
@@ -410,7 +410,8 @@ plugin_log(openvpn_plugin_log_flags_t flags, const char *name, const char *forma |
| 410 | 410 |
|
| 411 | 411 |
static struct openvpn_plugin_callbacks callbacks = {
|
| 412 | 412 |
plugin_log, |
| 413 |
- plugin_vlog |
|
| 413 |
+ plugin_vlog, |
|
| 414 |
+ secure_memzero /* plugin_secure_memzero */ |
|
| 414 | 415 |
}; |
| 415 | 416 |
|
| 416 | 417 |
|