
#13312 (status: new, type: Feature Requests)

boost::locale::conv and secure memory buffers

Reported by: Marcus Brinkmann <marcus.brinkmann@…> Owned by: Artyom Beilis
Milestone: To Be Determined Component: locale
Version: Boost 1.63.0 Severity: Problem
Keywords: Cc:

Description

Sometimes it is useful to convert passwords from one encoding to another to guess the right encoding (for example to import certificates which have been exported with broken software).

For such (and maybe other cases) it would be nice if from_utf and to_utf had an option to specify the output memory buffer. I guess this would be best done via a template specialization.

I realize that this is a somewhat obscure concern. The benefit of trying to keep a password in secure memory is discussed even among experts. There are many other places higher (pipes, keyboard buffers) and lower (CPU caches) in the stack where password traces can remain. On the other hand, scanning the swap space for key material and passwords in the clear is a basic security check. For me, this is something that should be fixed if it is easy to do.

Right now, I am using this pattern, which at best relies on RVO and leaves a small race:

  /* Needs <cstring>, <boost/locale.hpp>, <botan/secmem.h> and <botan/mem_ops.h>;
     `password` is the UTF-8 std::string as entered, `charset` the target encoding.  */
  std::string convertedpw_ =
      boost::locale::conv::from_utf<char>(password, charset);
  /* Copy into Botan's secure_vector, which is zeroed when it is freed.  */
  Botan::secure_vector<uint8_t> convertedpw(convertedpw_.size());
  memcpy(convertedpw.data(), convertedpw_.data(), convertedpw_.size());
  /* Best effort: this scrubs the std::string's own buffer, but not any copy
     the library or a non-elided return made before this point.  */
  Botan::secure_scrub_memory((void *)convertedpw_.data(), convertedpw_.size());

Anyway, thanks a lot for a great library!
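Editor's note: the following is an added example, not code from the ticket, from Boost.Locale or from Botan. It shows what the output-buffer variant the reporter asks for looks like in practice, built on POSIX iconv(3) because iconv writes straight into a caller-supplied buffer, so no std::string temporary holding the converted password is ever created. `SecureBuffer` is an assumed stand-in for Botan::secure_vector (a fixed-capacity buffer wiped on destruction), and the charset names and sample passwords are constructed for the demonstration. It also covers the reporter's motivating use, trying several encodings to see which ones can represent the password at all.

```cpp
// Added example, not from the ticket, Boost.Locale or Botan: an output-buffer
// conversion of a UTF-8 password built on POSIX iconv(3).
#include <cstddef>
#include <cstdint>
#include <iconv.h>
#include <string>
#include <vector>

// Fixed-capacity buffer that is wiped on destruction. The wipe goes through a
// volatile pointer so the compiler cannot drop it as a dead store.
// Assumption: stand-in for Botan::secure_vector, not Botan's code.
class SecureBuffer {
public:
    explicit SecureBuffer(std::size_t capacity) : buf_(capacity, 0), len_(0) {}
    ~SecureBuffer() { wipe(); }
    SecureBuffer(const SecureBuffer &) = delete;
    SecureBuffer &operator=(const SecureBuffer &) = delete;

    char *data() { return buf_.data(); }
    std::size_t capacity() const { return buf_.size(); }
    std::size_t size() const { return len_; }
    void set_size(std::size_t n) { len_ = n; }
    std::uint8_t byte(std::size_t i) const { return static_cast<std::uint8_t>(buf_[i]); }
    void wipe() {
        volatile char *p = buf_.data();
        for (std::size_t i = 0; i < buf_.size(); ++i) p[i] = 0;
        len_ = 0;
    }

private:
    std::vector<char> buf_;  // never resized, so wipe() covers every byte written
    std::size_t len_;
};

// Convert the UTF-8 string `utf8` into `charset`, writing directly into `out`.
// Returns false when the charset is unknown, `out` is too small (E2BIG), or the
// password is not representable in `charset` (glibc reports EILSEQ; musl
// substitutes '*' and returns a non-zero count). A password must round-trip
// exactly, so any irreversible conversion is rejected and `out` is wiped.
bool from_utf_into(const std::string &utf8, const char *charset, SecureBuffer &out) {
    iconv_t cd = iconv_open(charset, "UTF-8");
    if (cd == (iconv_t)-1) return false;

    // iconv takes char** for the input but never writes through it.
    char *in_ptr = const_cast<char *>(utf8.data());
    std::size_t in_left = utf8.size();
    char *out_ptr = out.data();
    std::size_t out_left = out.capacity();

    std::size_t rc = iconv(cd, &in_ptr, &in_left, &out_ptr, &out_left);
    bool ok = (rc == 0 && in_left == 0);
    if (ok)  // flush any shift state a stateful target encoding may hold
        ok = iconv(cd, nullptr, nullptr, &out_ptr, &out_left) != static_cast<std::size_t>(-1);
    iconv_close(cd);

    if (!ok) {
        out.wipe();  // do not leave a partial conversion behind
        return false;
    }
    out.set_size(out.capacity() - out_left);
    return true;
}

// The ticket's use case: which candidate encodings can represent the password
// at all. Each trial's bytes live only in `trial`, which is wiped on scope exit.
std::vector<std::string> representable_in(const std::string &utf8,
                                          const std::vector<const char *> &charsets) {
    std::vector<std::string> ok;
    for (const char *cs : charsets) {
        SecureBuffer trial(4 * utf8.size() + 4);  // worst-case expansion for any target
        if (from_utf_into(utf8, cs, trial)) ok.emplace_back(cs);
    }
    return ok;
}

// Check a conversion against known bytes without copying them out of the
// secure buffer (for tests, or for verifying a guessed encoding).
bool converts_to(const std::string &utf8, const char *charset,
                 const std::vector<std::uint8_t> &expected) {
    SecureBuffer out(4 * utf8.size() + 4);
    if (!from_utf_into(utf8, charset, out) || out.size() != expected.size()) return false;
    for (std::size_t i = 0; i < expected.size(); ++i)
        if (out.byte(i) != expected[i]) return false;
    return true;
}
```

The caller owns the output buffer for its whole lifetime, which is the property the ticket is after: the only heap copy of the converted password is the one that is wiped deterministically. The input `utf8` is still an ordinary std::string here; in real code it would be read into the same kind of buffer, but that is outside what the ticket discusses.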

Change History (0)
