In message <[EMAIL PROTECTED]> on Sat, 23 Nov 2002 13:36:43 
-0500, Geoff Thorpe <[EMAIL PROTECTED]> said:

geoff> But then we already knew that - Peter Gutmann had pointed out in the past 
geoff> that a single write of zeroes to disk or memory doesn't protect against 
geoff> the previous values being retrieved if you have physical (power-off) 
geoff> access. So aggressive compilers are simply forcing an issue we should 
geoff> have confronted anyway - clean the memory properly.
geoff> 
geoff> Eg.
geoff>     CRYPTO_cleanse(void *ptr, size_t len)
geoff>     {
geoff>         static unsigned char foo = 0;
geoff>         unsigned char *p = ptr;
geoff>         size_t loop = len;
geoff>         while(loop--) {
geoff>             *(p++) = foo++;
geoff>             foo += (17 + (unsigned char)(p & 0xF))
geoff>         }
geoff>         if(memchr(ptr, foo, len))
geoff>             foo += 63;
geoff>     }

I like that one.  If noone sees a problem, I'll insert that as soon as
I have some time.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to