[Cryptography] Making sure memory erasure is not optimized away
Salz, Rich
rsalz at akamai.com
Sun Aug 28 12:44:48 EDT 2022
> I don't see how you're going to do any better than using qualifiers
like "volatile" in C and C#.
OpenSSL we had to drop into assembler in places where we could. Look up `OPENSSL_cleanse` The C function had to use an indirect call to prevent it being optimized away:
typedef void *(*memset_t)(void *, int, size_t);
static volatile memset_t memset_func = memset;
void OPENSSL_cleanse(void *ptr, size_t len)
{
memset_func(ptr, 0, len);
}
> PS: Every operating system I know zeros storage before adding it to
a process, so I'm kind of wondering what the threat model is here.
Bugs within a program may allow an adversary to read memory that the program was expecting to be cleared.
More information about the cryptography
mailing list