tech-security archive


Re: crypto_memset (was: Re: Zero it if you're going to copy it out.)

On Tue, 28 Aug 2012, Matthias Drochner wrote:
I've added a "consttime_bcmp()" and brought things into shape.
The API of the Annex-K stuff is too complex anyway, it makes sense
to have a minimalistic API for internal use.

It mostly looks good to me.

I'd be inclined to add explicit_memset, implemented as a volatile pointer, roughly along the lines I outlined in another message:

         /* in a *.h file */
         #include <stddef.h>
         /*
          * explicit_memset is a volatile pointer to the memset function.
          * You can call (*explicit_memset)(buf, val, len) or even
          * explicit_memset(buf, val, len) just as you would call
          * memset(buf, val, len), but the use of a volatile pointer
          * guarantees that the compiler will not optimise the call away.
          */
         extern void * (* volatile explicit_memset)(void *, int, size_t);

         /* in a *.c file */
         #include <string.h>
         void * (* volatile explicit_memset)(void *, int, size_t) = memset;

Then have explicit_bzero call explicit_memset instead of just calling memset.

I prefer to rely on the definition of volatile pointers, rather than relying on the compiler to be unable to optimise across compilation unit boundaries. Code gets cut and pasted, so the definition of explicit_bzero might end up in the same compilation unit as its caller.

--apb (Alan Barrett)
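The volatile-pointer approach from the message above, as an added, self-contained example that is not the NetBSD code under discussion. It assumes an explicit_bzero built on explicit_memset, and a hypothetical consttime_bcmp with bcmp-style semantics (0 when equal), since the thread names that function without showing it.

```c
#include <stddef.h>
#include <string.h>

/*
 * Volatile function pointer to memset.  The compiler must reload the
 * pointer on every call and cannot assume it still refers to memset,
 * so it cannot classify the call as a dead store and remove it, even
 * when caller and callee end up in the same compilation unit.
 */
void *(*volatile explicit_memset)(void *, int, size_t) = memset;

/* explicit_bzero routed through explicit_memset, not a plain memset. */
void explicit_bzero(void *buf, size_t len)
{
    (*explicit_memset)(buf, 0, len);
}

/*
 * Hypothetical constant-time comparison: always touches all len bytes
 * so the position of the first mismatch does not affect the run time.
 * Returns 0 if equal, non-zero otherwise (same contract as bcmp).
 */
int consttime_bcmp(const void *a, const void *b, size_t len)
{
    const unsigned char *pa = a, *pb = b;
    unsigned char acc = 0;
    size_t i;

    for (i = 0; i < len; i++)
        acc |= pa[i] ^ pb[i];
    return acc;
}

/* Fill a constructed key buffer, wipe it, and count non-zero bytes left. */
size_t wipe_and_count_leftover(void)
{
    unsigned char key[32];
    size_t i, leftover = 0;

    memset(key, 0xA5, sizeof key);   /* constructed stand-in for key material */
    explicit_bzero(key, sizeof key); /* a bare memset here is a candidate for elision */
    for (i = 0; i < sizeof key; i++)
        leftover += (key[i] != 0);
    return leftover;
}
```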
