> In message <[EMAIL PROTECTED]> on Sat, 23 Nov 2002 13:36:43
> -0500, Geoff Thorpe <[EMAIL PROTECTED]> said:
>
> geoff> But then we already knew that - Peter Gutmann had pointed out in the past
> geoff> that a single write of zeroes to disk or memory doesn't protect against
> geoff> the previous values being retrieved if you have physical (power-off)
> geoff> access. So aggressive compilers are simply forcing an issue we should
> geoff> have confronted anyway - clean the memory properly.
> geoff>
> geoff> Eg.
> geoff> void CRYPTO_cleanse(void *ptr, size_t len)
> geoff> {
> geoff>     static unsigned char foo = 0;
> geoff>     unsigned char *p = ptr;
> geoff>     size_t loop = len;
> geoff>     while(loop--) {
> geoff>         *(p++) = foo++;
> geoff>         foo += (17 + (unsigned char)((size_t)p & 0xF));
> geoff>     }
> geoff>     if(memchr(ptr, foo, len))
> geoff>         foo += 63;
> geoff> }
>
> I like that one.  If no one sees a problem, I'll insert that as soon as
> I have some time.

I would modify it as such:

    #include <string.h>

    /* Overwrite len bytes at ptr with a changing pattern and return the
     * address of the static fill counter. */
    volatile unsigned char *
    CRYPTO_cleanse(volatile void *ptr, size_t len)
    {
        static volatile unsigned char foo = 0;
        volatile unsigned char *p = ptr;
        size_t loop = len;
        while(loop--) {
            *(p++) = foo++;
            /* a pointer cannot be an operand of &; convert to an integer first */
            foo += (17 + (unsigned char)((size_t)p & 0xF));
        }
        /* memchr() takes a non-volatile pointer, so the qualifier is cast away */
        if(memchr((const void *)ptr, foo, len))
            foo += 63;
        return(&foo);
    }

 Jeffrey Altman * Volunteer Developer      Kermit 95 2.1 GUI available now!!!
 The Kermit Project @ Columbia University  SSH, Secure Telnet, Secure FTP, HTTP
 http://www.kermit-project.org/            Secured with MIT Kerberos, SRP, and
 [EMAIL PROTECTED]                          OpenSSL.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
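
The thread's concern that an aggressive compiler may drop a wipe of a buffer that is never read again can also be handled with a different technique from the pattern fill above: calling memset through a volatile function pointer, and routing every exit taken after the secret is copied through that wipe. This is an added example, not code from the thread or from OpenSSL; secure_wipe, residue and use_secret are hypothetical names, the checksum is a stand-in for real key use, and the zero fill addresses only compiler elimination, not the physical-access recovery attributed to Peter Gutmann in the quoted message.

```c
#include <stddef.h>
#include <string.h>

/* Added example; every name below is hypothetical, not OpenSSL API. */

/* memset is reached through a volatile function pointer: the pointer must be
 * loaded at run time, so the compiler cannot prove the call is a dead store. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

void secure_wipe(void *ptr, size_t len)
{
    if (ptr != NULL && len != 0)
        memset_ptr(ptr, 0, len);
}

/* Count of bytes in buf that are still non-zero (0 means fully wiped). */
size_t residue(const unsigned char *buf, size_t len)
{
    size_t i, n = 0;
    for (i = 0; i < len; i++)
        n += (buf[i] != 0);
    return n;
}

/* Copies a secret into scratch, folds it into a toy checksum (stand-in for
 * real key use) and wipes scratch on every exit taken after the copy.
 * A 0x00 byte is treated as invalid input. Returns 0 on success, -1 on error. */
int use_secret(const unsigned char *secret, size_t len,
               unsigned char *scratch, size_t scratch_len, unsigned int *sum_out)
{
    int ret = -1;
    size_t i;
    unsigned int sum = 0;

    if (len > scratch_len)
        return -1;                  /* nothing copied, nothing to wipe */
    memcpy(scratch, secret, len);
    for (i = 0; i < len; i++) {
        if (scratch[i] == 0)
            goto done;              /* error path still holds secret bytes */
        sum = sum * 31u + scratch[i];
    }
    *sum_out = sum;
    ret = 0;
done:
    secure_wipe(scratch, scratch_len);
    return ret;
}
```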