On 28-11-16 17:39, Selva Nair wrote:
>
> On Mon, Nov 28, 2016 at 7:13 AM, Steffan Karger
> <steffan.kar...@fox-it.com> wrote:
>
> As described in trac #751, and shortly after reported by Zhaomo Yang, of
> the University of California, San Diego, we use memset() (often through
>
Hi,
My sloppy cut-n-paste missed this one:
in ssl_verify.c
@@ -1262,7 +1262,7 @@ verify_user_pass(struct user_pass *up, struct
tls_multi *multi,
"No auth-token will be activated now");
if (multi->auth_token)
{
- memset (multi->auth_token, 0, AUTH_TOKEN_SIZE);
+ mems
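Review bot: On the removed memset() line in verify_user_pass(), the wipe length is the constant AUTH_TOKEN_SIZE while multi->auth_token is only tested for being non-NULL, so the replacement call should keep that length only if the buffer is always allocated with at least AUTH_TOKEN_SIZE bytes; a short comment or an assertion stating that would make the wipe safe to review in isolation. The added line is cut off after "+ mems" in this copy, so the replacement call itself cannot be checked from what is shown.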
On Mon, Nov 28, 2016 at 7:13 AM, Steffan Karger
wrote:
> As described in trac #751, and shortly after reported by Zhaomo Yang, of
> the University of California, San Diego, we use memset() (often through
> the CLEAR() macro) to erase secrets after use. In some cases however, the
> compiler might
As described in trac #751, and shortly after reported by Zhaomo Yang, of
the University of California, San Diego, we use memset() (often through
the CLEAR() macro) to erase secrets after use. In some cases however, the
compiler might optimize these calls away.
This patch replaces these memset() c