plugin: Export secure_memzero() to plug-ins
This provides plug-ins with a safe and secure way to sanitize sensitive information such as passwords, by re-using the secure_memzero() implementation in OpenVPN. Signed-off-by: David Sommerseth <davids@openvpn.net> Acked-by: Selva Nair <selva.nair@gmail.com> Message-Id: <20170505184622.24520-1-davids@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14546.html Signed-off-by: David Sommerseth <davids@openvpn.net>
parent
9900e023bc
commit
f018dfcc36
@ -199,7 +199,8 @@ struct openvpn_plugin_string_list
|
||||
|
||||
/* openvpn_plugin_{open,func}_v3() related structs */
|
||||
|
||||
/* Defines version of the v3 plugin argument structs
|
||||
/**
|
||||
* Defines version of the v3 plugin argument structs
|
||||
*
|
||||
* Whenever one or more of these structs are modified, this constant
|
||||
* must be updated. A changelog should be appended in this comment
|
||||
@ -218,8 +219,10 @@ struct openvpn_plugin_string_list
|
||||
* 3 Added ovpn_version, ovpn_version_major, ovpn_version_minor
|
||||
* and ovpn_version_patch to provide the runtime version of
|
||||
* OpenVPN to plug-ins.
|
||||
*
|
||||
* 4 Exported secure_memzero() as plugin_secure_memzero()
|
||||
*/
|
||||
#define OPENVPN_PLUGINv3_STRUCTVER 3
|
||||
#define OPENVPN_PLUGINv3_STRUCTVER 4
|
||||
|
||||
/**
|
||||
* Definitions needed for the plug-in callback functions.
|
||||
@ -255,9 +258,18 @@ typedef void (*plugin_vlog_t)(openvpn_plugin_log_flags_t flags,
|
||||
const char *plugin_name,
|
||||
const char *format,
|
||||
va_list arglist) _ovpn_chk_fmt (3, 0);
|
||||
|
||||
#undef _ovpn_chk_fmt
|
||||
|
||||
/**
|
||||
* Export of secure_memzero() to be used inside plug-ins
|
||||
*
|
||||
* @param data Pointer to data to zeroise
|
||||
* @param len Length of data, in bytes
|
||||
*
|
||||
*/
|
||||
typedef void (*plugin_secure_memzero_t)(void *data, size_t len);
|
||||
|
||||
|
||||
/**
|
||||
* Used by the openvpn_plugin_open_v3() function to pass callback
|
||||
* function pointers to the plug-in.
|
||||
@ -267,11 +279,18 @@ typedef void (*plugin_vlog_t)(openvpn_plugin_log_flags_t flags,
|
||||
* Messages will only be displayed if the plugin_name parameter
|
||||
* is set. PLOG_DEBUG messages will only be displayed with plug-in
|
||||
* debug log verbosity (at the time of writing that's verb >= 7).
|
||||
*
|
||||
* plugin_secure_memzero
|
||||
* : Use this function to securely wipe sensitive information from
|
||||
* memory. This function is declared in a way that the compiler
|
||||
* will not remove these function calls during the compiler
|
||||
* optimization phase.
|
||||
*/
|
||||
struct openvpn_plugin_callbacks
|
||||
{
|
||||
plugin_log_t plugin_log;
|
||||
plugin_vlog_t plugin_vlog;
|
||||
plugin_secure_memzero_t plugin_secure_memzero;
|
||||
};
|
||||
|
||||
/**
|
||||
|
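Review bot: The `plugin_secure_memzero` entry added to the `struct openvpn_plugin_callbacks` comment does not say that the member exists only from struct version 4 onward. A plug-in built against this header but loaded by an OpenVPN that still passes the two-member struct would read that pointer from beyond the end of the host's object and call through it. This is inferred from the layout change, since the loader side is not part of this section. I would extend the member description with something like `Only available when the struct version passed to openvpn_plugin_open_v3() is 4 or higher; check it before calling.` The phrase "declared in a way that the compiler will not remove these function calls" could also name the actual guarantee: the wipe is performed by OpenVPN's own secure_memzero() implementation.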
@ -410,7 +410,8 @@ plugin_log(openvpn_plugin_log_flags_t flags, const char *name, const char *forma
|
||||
|
||||
static struct openvpn_plugin_callbacks callbacks = {
|
||||
plugin_log,
|
||||
plugin_vlog
|
||||
plugin_vlog,
|
||||
secure_memzero /* plugin_secure_memzero */
|
||||
};
|
||||
|
||||
|
||||
|
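Review bot: The `callbacks` initializer binds `secure_memzero` to its slot by position only, and the trailing `/* plugin_secure_memzero */` comment is the sole link to the member name. If a member of `struct openvpn_plugin_callbacks` is later inserted or reordered, a pointer could land in the wrong slot, and the compiler would only complain where the function types happen to differ. Designated initializers make the pairing explicit, e.g. `.plugin_secure_memzero = secure_memzero,` and likewise `.plugin_log` and `.plugin_vlog`, assuming the project's C dialect permits them.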