Memory

Programming in C always requires caution when it comes to memory security. Because we handle sensitive data, we decided to clear all allocated memory before freeing it. To do this we wrote our own memory allocator (wrapper) and a custom free. By clearing all allocated memory and not only the parts known to be sensitive we ensure that all sensitive data is overwritten before freed. (Even if there is a refresh token as part of a server response.) Sensitive data on the stack is explicitly overwritten after usage.

Refresh tokens and client credentials are the most sensitive information that have to be kept in memory by oidc-agent for the whole time. To make it harder for an attacker to extract this information from the agent, it is obfuscated when not being used. The password used for obfuscation is dynamically generated when the agent starts. Additional encryption is applied when the agent is locked (see Agent Locking).