[MONGOCRYPT-89] Securely allocate buffers for storing decrypted key material Created: 08/May/19 Updated: 13/Feb/20 Resolved: 15/Oct/19 |
|
| Status: | Closed |
| Project: | Libmongocrypt |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Kevin Albertson | Assignee: | Unassigned |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
In the driver spec we've decided we want to make a best-effort to store decrypted key material securely in memory. In libmongocrypt, we can store cached decrypted key material in buffers allocated securely (i.e. don't get paged to disk and are zeroed out when freed). We have server code that already does this apparently. |
| Comments |
| Comment by Samantha Ritter (Inactive) [ 22/May/19 ] |
|
code review (secure zero only): https://mongodbcr.appspot.com/469100003/ |