Re: Did you *really* zeroize that key?
At 02:22 PM 11/8/2002 +0000, Vincent Penquerc'h wrote:
while (!is_all_memory_zero(ptr)) zero_memory(ptr);
Right, unfortunately the compiler might be insightful enough just to optimize that whole thing to skip() -- Dijkstra's null statement.

Even Welschenbach calls "ispurged" immediately after "purgevars" to make sure the memory is actually zero. The ispurged routine is also defined using va_list, and if you turn on assertion checking it dies if the memory is nonzero.

The problem is you NEVER KNOW if the compiler is just being clever and optimizing the assertion away, e.g.:

    sensitive = 0;
    if (sensitive) abort();

The compiler will simply "know" to optimize this whole thing to skip(). However, it is highly unlikely the compiler will be able to see through va_list manipulations.

This problem is a real bear. I guess you just have to check the assembler output, eh?

-- Patrick
http://fexl.com
participants (1)
Patrick Chkoreff
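
The following is an added example, not code from the original post or from Welschenbach's library. It shows the dead-store pattern the thread is worried about next to a wipe and a read-back check that both go through volatile-qualified pointers; the names use_key_naive, secure_zero, is_zeroed and demo_wipe are hypothetical, and the key bytes are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Added example; all function names here are hypothetical. */

/* The pattern at risk: key is never read after the memset, so an
 * optimizer may treat the wipe as a dead store and drop it. */
void use_key_naive(void)
{
    unsigned char key[32];
    memset(key, 0xA5, sizeof key);   /* constructed stand-in for a real key */
    memset(key, 0, sizeof key);      /* may be removed at -O2 */
}

/* Wipe through a volatile-qualified pointer so every store is a
 * volatile access that mainstream compilers do not elide. */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Read back through a volatile pointer so the check cannot be folded
 * to a constant like `sensitive = 0; if (sensitive) abort();`. */
int is_zeroed(const void *p, size_t n)
{
    const volatile unsigned char *vp = (const volatile unsigned char *)p;
    unsigned char acc = 0;
    while (n--)
        acc |= *vp++;
    return acc == 0;
}

/* Fill a buffer, wipe it, and return 1 if it reads back as all zero. */
int demo_wipe(void)
{
    unsigned char key[32];
    memset(key, 0xA5, sizeof key);   /* constructed sample key bytes */
    if (is_zeroed(key, sizeof key))
        return -1;                   /* must not be zero before the wipe */
    secure_zero(key, sizeof key);
    return is_zeroed(key, sizeof key);
}

int main(void) { return demo_wipe() == 1 ? 0 : 1; }
```

Compiling with optimization and reading the assembler output (for example cc -O2 -S) remains the way to confirm what a given compiler actually emitted for use_key_naive and secure_zero.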