Skip Menu |

To: krb5-bugs@MIT.EDU
Subject: zapping sensitive data before freeing
From: Ken Raeburn <raeburn@MIT.EDU>
Date: Tue, 01 Apr 2003 20:07:37 -0500
See the thread "use of memset and optimization" in the krbdev list
archives, starting 7 November 2002, also reported on the RISKS,
cryptography and cypherpunks lists.

When freeing key data, we should first zap the contents, with
something better than memset since gcc can optimize that away in
certain cases. A memset call with a pointer to volatile should be
sufficient, though we probably don't want all key data to be volatile

Changing krb5_free_keyblock isn't enough; we should also zap key
schedules, ASN.1 buffers that hold key data, etc.
Subject: CVS Commit
* k5-int.h (krb5int_zap_data, zap): New macros; call memset with volatile cast
for now.

To generate a diff of this commit:

cvs diff -r1.376 -r1.377 krb5/src/include/ChangeLog
cvs diff -r1.150 -r1.151 krb5/src/include/k5-int.h
Subject: CVS Commit
Don't combine encrypt and decrypt code paths.
Zap key schedule when done.

* des3.c (validate_and_schedule): Split out from old k5_des3_docrypt.
(k5_des3_encrypt, k5_des3_decrypt): Call it, and krb5int_des3_cbc_encrypt or
_decrypt, instead of k5_des3_docrypt. Zap key schedules before returning.

To generate a diff of this commit:

cvs diff -r1.21 -r1.22 krb5/src/lib/crypto/enc_provider/ChangeLog
cvs diff -r1.9 -r1.10 krb5/src/lib/crypto/enc_provider/des3.c