> In message <[EMAIL PROTECTED]> on Sat, 23 Nov 2002 13:36:43 
>-0500, Geoff Thorpe <[EMAIL PROTECTED]> said:
> 
> geoff> But then we already knew that - Peter Gutmann had pointed out in the past 
> geoff> that a single write of zeroes to disk or memory doesn't protect against 
> geoff> the previous values being retrieved if you have physical (power-off) 
> geoff> access. So aggressive compilers are simply forcing an issue we should 
> geoff> have confronted anyway - clean the memory properly.
> geoff> 
> geoff> Eg.
> geoff>     #include <string.h>  /* memchr, size_t */
> geoff>
> geoff>     void CRYPTO_cleanse(void *ptr, size_t len)
> geoff>     {
> geoff>         static unsigned char foo = 0;
> geoff>         unsigned char *p = ptr;
> geoff>         size_t loop = len;
> geoff>         while(loop--) {
> geoff>             *(p++) = foo++;
> geoff>             /* a pointer cannot be masked directly; convert it first */
> geoff>             foo += (17 + (unsigned char)((size_t)p & 0xF));
> geoff>         }
> geoff>         if(memchr(ptr, foo, len))
> geoff>             foo += 63;
> geoff>     }
> 
> I like that one.  If no one sees a problem, I'll insert that as soon as
> I have some time.

I would modify it as such:

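  #include <string.h>  /* memchr, size_t */

  volatile unsigned char * 
  CRYPTO_cleanse(volatile void *ptr, size_t len) {
    volatile static unsigned char foo = 0;
    volatile unsigned char *p = ptr;
    size_t loop = len;
    while(loop--) {
      *(p++) = foo++;
      /* a pointer cannot be masked directly; convert it first */
      foo += (17 + (unsigned char)((size_t)p & 0xF));
    }
    /* memchr takes a const void *, so drop the volatile qualifier here */
    if(memchr((const void *)ptr, foo, len))
      foo += 63;
    return(&foo);
  }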


 Jeffrey Altman * Volunteer Developer      Kermit 95 2.1 GUI available now!!!
 The Kermit Project @ Columbia University  SSH, Secure Telnet, Secure FTP, HTTP
 http://www.kermit-project.org/            Secured with MIT Kerberos, SRP, and 
 [EMAIL PROTECTED]               OpenSSL.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
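
The dead-store problem discussed in this thread, shown as an added example that is not code from the original messages or from OpenSSL. The names `cleanse_volatile`, `fold`, `use_key_memset` and `use_key_cleanse` are hypothetical, and the wipe writes zeroes through a volatile pointer rather than the counter pattern proposed above.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not OpenSSL's): each store goes through a
 * volatile-qualified lvalue, which mainstream compilers do not eliminate
 * even when the buffer is never read again. */
void cleanse_volatile(void *ptr, size_t len)
{
    volatile unsigned char *p = ptr;
    if (ptr == NULL)
        return;
    while (len--)
        *p++ = 0;
}

/* Toy stand-in for real key use: folds the bytes into one checksum. */
static unsigned fold(const unsigned char *k, size_t n)
{
    unsigned acc = 0;
    while (n--)
        acc = acc * 31u + *k++;
    return acc;
}

/* Before: key[] is dead after fold(), so the memset is a dead store that
 * an optimizing compiler is allowed to drop. */
unsigned use_key_memset(const unsigned char *src, size_t n)
{
    unsigned char key[32];
    unsigned r;
    n = n > sizeof key ? sizeof key : n;
    memcpy(key, src, n);
    r = fold(key, n);
    memset(key, 0, sizeof key);        /* may be optimized away */
    return r;
}

/* After: same flow, but the wipe consists of volatile stores. */
unsigned use_key_cleanse(const unsigned char *src, size_t n)
{
    unsigned char key[32];
    unsigned r;
    n = n > sizeof key ? sizeof key : n;
    memcpy(key, src, n);
    r = fold(key, n);
    cleanse_volatile(key, sizeof key); /* volatile stores are kept */
    return r;
}
```

Comparing the disassembly of the two `use_key_*` functions at your usual optimization level shows whether your compiler kept the `memset`.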
