> In message <[EMAIL PROTECTED]> on Sat, 23 Nov 2002 13:36:43
>-0500, Geoff Thorpe <[EMAIL PROTECTED]> said:
>
> geoff> But then we already knew that - Peter Gutmann had pointed out in the past
> geoff> that a single write of zeroes to disk or memory doesn't protect against
> geoff> the previous values being retrieved if you have physical (power-off)
> geoff> access. So aggressive compilers are simply forcing an issue we should
> geoff> have confronted anyway - clean the memory properly.
> geoff>
> geoff> Eg.
> geoff> CRYPTO_cleanse(void *ptr, size_t len)
> geoff> {
> geoff> static unsigned char foo = 0;
> geoff> unsigned char *p = ptr;
> geoff> size_t loop = len;
> geoff> while(loop--) {
> geoff> *(p++) = foo++;
> geoff> foo += (17 + (unsigned char)(p & 0xF))
> geoff> }
> geoff> if(memchr(ptr, foo, len))
> geoff> foo += 63;
> geoff> }
>
> I like that one. If noone sees a problem, I'll insert that as soon as
> I have some time.
I would modify it as such:
volatile unsigned char *
CRYPTO_cleanse(volatile void *ptr, size_t len) {
volatile static unsigned char foo = 0;
volatile unsigned char *p = ptr;
size_t loop = len;
while(loop--) {
*(p++) = foo++;
foo += (17 + (unsigned char)(p & 0xF))
}
if(memchr(ptr, foo, len))
foo += 63;
return(&foo);
}
Jeffrey Altman * Volunteer Developer Kermit 95 2.1 GUI available now!!!
The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HTTP
http://www.kermit-project.org/ Secured with MIT Kerberos, SRP, and
[EMAIL PROTECTED] OpenSSL.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
