Xperex Tim <[EMAIL PROTECTED]> writes:
> An article by Michael Howard
>
>(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure10102002.asp)
> points out that when memset used to clear sensitive information like keys out of
>RAM, the memset
> (or equivalent code) can be optimized away by the compiler.
>
> He proposes three possible solutions:
> * Touch the memory after the memset
> * Replace memset with code that is not optimizable
> * Turn off optimizations for the secret clearing code
>
> Two of these solutions involved using the keyword volatile.
>
> A discussion on vuln-dev takes this further (I found it at
> http://online.securityfocus.com/archive/82/298061/2002-10-28/2002-11-03/1)
> and serious doubt is cast on using volatile. No 100% clear solution
> emerges.
>
> This seems fairly serious and I see plain old memset used in OpenSSL
> to remove sensitive data. Some combination of volatile, external
> memory clearing function, and filling with volatile data (like the
> time) might be sufficient.
>
> Comments from any of the developers?
I'm not one of the developers, but I have it pretty hard to get excited about
this sort of thing.
In the case of SSL in particular, the private key is generally
kept in memory for the life of the process. If it's not zeroed,
there's not a lot of point in zeroing other keys, since compromise
of the private key is usually sufficient to reveal all other keys.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
