<div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-size:small"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Aug 28, 2022 at 5:21 PM Salz, Rich via cryptography <<a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">> I don't see how you're going to do any better than using qualifiers<br>
like "volatile" in C and C#.<br>
<br>
OpenSSL we had to drop into assembler in places where we could. Look up `OPENSSL_cleanse` The C function had to use an indirect call to prevent it being optimized away:<br>
typedef void *(*memset_t)(void *, int, size_t);<br>
static volatile memset_t memset_func = memset;<br>
<br>
void OPENSSL_cleanse(void *ptr, size_t len)<br>
{<br>
memset_func(ptr, 0, len);<br>
} <br>
<br>
> PS: Every operating system I know zeros storage before adding it to<br>
a process, so I'm kind of wondering what the threat model is here.<br>
<br>
Bugs within a program may allow an adversary to read memory that the program was expecting to be cleared.<br></blockquote><div><br></div><div><div class="gmail_default" style="font-size:small">Quite, and I don't trust the O/S not to give backdoor access. I can attach a debugger to a running process, how does that work if not... ?</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">One thing that really worries me is that a lot of programs these days are actually running in a Web browser in kiosk mode. And not a 1994 browser with just good ol' HTML. No, they have JavaScript, Web Assembly and half a billion lines of code along for the ride.</div><br></div><div><br></div><div><br></div><div> </div></div></div>