Did you *really* zeroize that key?
Patrick Chkoreff
patrick at loom.cc
Fri Nov 8 11:01:25 PST 2002
At 02:22 PM 11/8/2002 +0000, Vincent Penquerc'h wrote:

>while (!is_all_memory_zero(ptr)) zero_memory(ptr);

Right, unfortunately the compiler might be insightful enough just to
optimize that whole thing to skip() -- Dijkstra's null statement.

Even Welschenbach calls "ispurged" immediately after "purgevars" to make
sure the memory is actually zero. The ispurged routine is also defined
using va_list, and if you turn on assertion checking it dies if the memory
is nonzero.

The problem is you NEVER KNOW if the compiler is just being clever and
optimizing the assertion away, e.g.:

    sensitive = 0;
    if (sensitive) abort();

The compiler will simply "know" to optimize this whole thing to skip().
However, it is highly unlikely the compiler will be able to see through
va_list manipulations. This problem is a real bear. I guess you just have
to check the assembler output, eh?

-- Patrick
http://fexl.com
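
Added example, not part of the original post: one common C idiom for the problem discussed above, in which both the wipe and the follow-up check go through volatile-qualified pointers so the optimizer has no basis for folding either one away. The names secure_zero, is_zeroed and use_and_wipe_key are hypothetical, and the 0xA5 fill is constructed stand-in data.

```c
#include <stddef.h>
#include <string.h>

/* Wipe n bytes at p. Each store goes through a volatile-qualified lvalue,
   which compilers treat as an observable side effect, so the loop is not
   removed as a dead store the way a plain memset() before return can be. */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
#if defined(__GNUC__) || defined(__clang__)
    /* Compiler barrier: GCC/Clang must assume memory at p is read here. */
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

/* Return 1 if all n bytes are zero. The volatile reads force real loads,
   so the result is not constant-folded from the stores that preceded it. */
static int is_zeroed(const void *p, size_t n)
{
    const volatile unsigned char *vp = (const volatile unsigned char *)p;
    unsigned char acc = 0;
    while (n--)
        acc |= *vp++;
    return acc == 0;
}

/* Constructed usage: a stack key is filled, wiped, then verified. */
static int use_and_wipe_key(void)
{
    unsigned char key[32];
    memset(key, 0xA5, sizeof key);      /* stand-in for real key material */
    if (is_zeroed(key, sizeof key))
        return -1;                      /* sanity check: key was non-zero */
    secure_zero(key, sizeof key);
    return is_zeroed(key, sizeof key);  /* 1 when the wipe took effect */
}

int main(void)
{
    return use_and_wipe_key() == 1 ? 0 : 1;
}
```

Where the platform provides one, a library wipe such as explicit_bzero, memset_s (C11 Annex K) or SecureZeroMemory serves the same purpose. Inspecting the generated assembly remains the way to confirm what a particular build emitted.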