[Cryptography] Other obvious issues being ignored?
John-Mark Gurney
jmg at funkthat.com
Fri Oct 23 17:36:21 EDT 2015
John Gilmore wrote this message on Thu, Oct 22, 2015 at 02:32 -0700:
> The main further bitch seems to be that "side effects get optimized
> away", such as assigning zero to a variable that is subsequently never
> referenced. (The "side effect" in that case is that a chunk of raw
> memory or registers no longer contains a cryptographically sensitive
> value after the assignment.) The standard C language has a cure for
> this, too, the "volatile" declaration. I have the same advice about
> getting crypto code from people who are unwilling to type that extra
> word.
Why volatile can't be used:
http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html
The key part:
The C standard states that accesses to volatile objects are part of the
unalterable observable behaviour -- but it says nothing about accesses
via lvalue expressions with volatile types.
Looks like C11 has memset_s now, which is good.
Colin has a follow-on blog post about this:
http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
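
The buffer-wiping problem discussed in this message, as an added example that is not part of the original post or of the linked blog: a wipe helper that uses C11 `memset_s` where the C library provides Annex K, and otherwise calls `memset` through a volatile function pointer. The names `secure_zero` and `demo_wipe` are hypothetical, and the fallback is a common workaround that the C standard does not strictly guarantee.

```c
#define __STDC_WANT_LIB_EXT1__ 1   /* ask for Annex K (memset_s) if the libc has it */
#include <stddef.h>
#include <string.h>

/* Fallback: the pointer object itself is volatile, so it has to be loaded at
 * run time. In practice compilers then emit the call instead of treating the
 * store as dead, but the standard does not promise this. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

/* Hypothetical helper: overwrite len bytes at buf with zeros.
 * Returns 0 on success, -1 on a bad argument or a memset_s failure. */
int secure_zero(void *buf, size_t len)
{
    if (len == 0)
        return 0;
    if (buf == NULL)
        return -1;
#ifdef __STDC_LIB_EXT1__
    /* memset_s may not be optimized away, per C11 Annex K. */
    if (memset_s(buf, len, 0, len) != 0)
        return -1;
#else
    memset_ptr(buf, 0, len);
#endif
#if defined(__GNUC__) || defined(__clang__)
    /* Compiler barrier: the optimizer must assume the buffer is read here. */
    __asm__ __volatile__("" : : "r"(buf) : "memory");
#endif
    return 0;
}

/* Constructed demo: fill a buffer with a sample "key", wipe it, and
 * return how many bytes are still non-zero afterwards. */
size_t demo_wipe(unsigned char *key, size_t len)
{
    size_t i, nonzero = 0;
    for (i = 0; i < len; i++)
        key[i] = (unsigned char)(0xA5 ^ i);   /* constructed sample secret */
    if (secure_zero(key, len) != 0)
        return len;
    for (i = 0; i < len; i++)
        nonzero += (key[i] != 0);
    return nonzero;
}
```

This clears only the named buffer; copies the compiler left in registers or spilled to the stack are untouched, which is the subject of the second link above.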