Opened 4 years ago

Closed 4 years ago

#16393 closed enhancement (fixed)

Include a readpassphrase implementation for Linux, Windows

Reported by: nickm
Owned by:
Priority: Medium
Milestone: Tor: 0.2.7.x-final
Component: Core Tor/Tor
Version:
Severity:
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Thanks to #13642, we have encrypted key storage. It might be clever to actually have a good way to read passphrases for it. We use readpassphrase where available; let's include a freely redistributable implementation for unices that don't have it.

(Windows will be harder.)

Change History (5)

comment:1 Changed 4 years ago by nickm

See branch readpassphrase in my public repository.

comment:2 Changed 4 years ago by nickm

Summary: Include a readpassphrase implementation for Linux → Include a readpassphrase implementation for Linux, Windows

It now handles Windows too.

comment:3 Changed 4 years ago by nickm

Status: new → needs_review

comment:4 Changed 4 years ago by dgoulet

  • 771949a3e0fb4e4f9f0e049bf77833884ff7469c

Maybe we would want a memwipe (if we have a good one for Windows) here since buf can potentially contain a passphrase? Yes, it could be a malformed passphrase, but it still could contain sensitive data.

memset(buf, 0, sizeof(wchar_t)*buflen);

The rest lgtm! FYI, I couldn't test it for lack of a Windows machine, so this is a code ACK.

comment:5 Changed 4 years ago by nickm

Resolution: fixed
Status: needs_review → closed

Using SecureZeroMemory there. Merging. Thanks!
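
The point raised in comment:4 and settled in comment:5, as an added example that is not Tor's code: a plain memset on a buffer that is never read again may be removed by the compiler as a dead store, so the wide scratch buffer is cleared with SecureZeroMemory on Windows (a volatile store loop elsewhere) on every exit path, including the malformed-passphrase one. The names wipe_mem, is_zeroed and narrow_and_wipe are hypothetical, and ASCII-only narrowing is an assumption standing in for a real charset conversion.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Hypothetical helper: zero n bytes with stores the optimizer must keep. */
static void wipe_mem(void *p, size_t n) {
#ifdef _WIN32
  SecureZeroMemory(p, n);
#else
  volatile unsigned char *vp = (volatile unsigned char *)p;
  while (n--) *vp++ = 0;
#endif
}

/* Returns 1 if all n bytes at p are zero (lets a caller check the wipe). */
static int is_zeroed(const void *p, size_t n) {
  const unsigned char *b = (const unsigned char *)p;
  while (n--) if (*b++) return 0;
  return 1;
}

/* Narrow the wide passphrase in wbuf (capacity wlen) into out (capacity outlen).
 * Assumption: ASCII-only narrowing stands in for a real charset conversion.
 * Returns the length, or -1 if unterminated, too long or non-ASCII.
 * wbuf is wiped on every path; out is wiped on failure. */
static long narrow_and_wipe(wchar_t *wbuf, size_t wlen, char *out, size_t outlen) {
  size_t i = 0, n = 0;
  long r = -1;
  while (n < wlen && wbuf[n] != L'\0') n++;
  if (n < wlen && n < outlen) {
    for (i = 0; i < n && (unsigned long)wbuf[i] <= 0x7f; i++)
      out[i] = (char)wbuf[i];
    if (i == n) { out[n] = '\0'; r = (long)n; }
  }
  if (r < 0) wipe_mem(out, outlen);
  wipe_mem(wbuf, sizeof(wchar_t) * wlen);
  return r;
}

int main(void) {
  wchar_t wbuf[16] = L"hunter2"; /* constructed sample input */
  char out[16];
  long len = narrow_and_wipe(wbuf, 16, out, sizeof(out));
  printf("len=%ld scratch_wiped=%d\n", len, is_zeroed(wbuf, sizeof(wbuf)));
  return 0;
}
```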
