Did you *really* zeroize that key?

Patrick Chkoreff patrick at loom.cc
Thu Nov 7 19:36:41 EST 2002


>From: "Trei, Peter" <ptrei at rsasecurity.com>
>
>[Moderator's note: FYI: no "pragma" is needed. This is what C's
>"volatile" keyword is for. Unfortunately, not everyone writing in C
>knows the language. --Perry]

Thanks for the reminder about "volatile."  It is an ancient and valuable 
feature of C and I suppose it's implemented correctly under gcc and some of 
the Windoze compilers even with high optimization options like -O2.

> >From RISKS:
>http://catless.ncl.ac.uk/Risks/22.35.html#subj6
>
>Those of us who write code need to be reminded of this
>now and then.

Everybody probably also knows about the gnupg trick, where they define a 
recursive routine called "burn_stack":

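#include <string.h>

/* Overwrite roughly `bytes` bytes of stack below the caller by recursing
   through 64-byte zeroed frames. */
static void
burn_stack (int bytes)
{
     char buf[64];

     memset (buf, 0, sizeof buf);   /* zero this frame's buffer */
     bytes -= sizeof buf;
     if (bytes > 0)
         burn_stack (bytes);        /* descend until enough stack is covered */
}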

Then there's the vararg technique discussed in Michael Welschenbach's book 
"Cryptography in C and C++":

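#include <stdarg.h>
#include <string.h>

/* Zero `noofvars` objects; each is passed as a (size_t size, pointer) pair. */
static void purgevars_l (int noofvars, ...)
{
   va_list ap;
   size_t size;
   va_start (ap, noofvars);
   for (; noofvars > 0; --noofvars)
     {
       switch (size = va_arg (ap, size_t))
         {
           case 1:  *va_arg (ap, char *) = 0;
                    break;
           case 2:  *va_arg (ap, short *) = 0;
                    break;
           /* long is 4 bytes on ILP32 and 8 on LP64; match its real size */
           case sizeof (long):  *va_arg (ap, long *) = 0;
                    break;
           default:
                    /* any other size: clear byte by byte */
                    memset (va_arg(ap, char *), 0, size);
         }
     }
   va_end (ap);
}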

Here's an example of how you might call the routine:

   purgevars_l(2, sizeof (la), &la,
                    sizeof (lb), &lb);


But hey, if the "volatile" keyword works then so much the better.  I would 
recommend examining the assembly language output of your compiler to verify 
that it honours "volatile."

-- Patrick
http://fexl.com
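
The "volatile" approach mentioned in this message, as an added example that is not part of the original post or of any project it names. The function names and key bytes are constructed for illustration; the example shows two common forms (stores through a volatile pointer, and memset called through a volatile function pointer).

```c
/* Added example, not from the original post. All names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Wipe through a volatile-qualified pointer. In practice compilers keep
   every such store, even when buf is never read again. */
static void secure_zero(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Alternative: reach memset through a volatile function pointer, so the
   compiler cannot assume which function runs and cannot drop the call. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

static void secure_zero_memset(void *buf, size_t len)
{
    memset_ptr(buf, 0, len);
}

/* Returns 1 if every byte of buf is zero. */
static int all_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) acc |= buf[i];
    return acc == 0;
}

/* Constructed demo: build a stack "key", use it, wipe it before returning.
   Returns a checksum of the key; *wiped reports whether the wipe took. */
static unsigned demo_use_and_wipe(int use_memset_variant, int *wiped)
{
    unsigned char key[32];
    unsigned sum = 0;
    for (size_t i = 0; i < sizeof key; i++) {
        key[i] = (unsigned char)(i * 7 + 1);   /* constructed key bytes */
        sum += key[i];
    }
    if (use_memset_variant) secure_zero_memset(key, sizeof key);
    else secure_zero(key, sizeof key);
    *wiped = all_zero(key, sizeof key);
    return sum;
}

int main(void) { int w = 0; printf("%u ", demo_use_and_wipe(0, &w)); printf("%d\n", w); return !w; }
```

The read-back in all_zero itself keeps the stores alive, so it only confirms the functions work; to see whether a wipe of a dead buffer survives optimization, compile with -O2 -S and look for the stores, as the message recommends.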

