To: | krb5-bugs@MIT.EDU |
Subject: | zapping sensitive data before freeing |
From: | Ken Raeburn <raeburn@MIT.EDU> |
Date: | Tue, 01 Apr 2003 20:07:37 -0500 |
See the thread "use of memset and optimization" in the krbdev list
archives, starting 7 November 2002, also reported on the RISKS,
cryptography and cypherpunks lists.
When freeing key data, we should first zap the contents, with
something better than memset since gcc can optimize that away in
certain cases. A memset call with a pointer to volatile should be
sufficient, though we probably don't want all key data to be volatile
everywhere.
Changing krb5_free_keyblock isn't enough; we should also zap key
schedules, ASN.1 buffers that hold key data, etc.
archives, starting 7 November 2002, also reported on the RISKS,
cryptography and cypherpunks lists.
When freeing key data, we should first zap the contents, with
something better than memset since gcc can optimize that away in
certain cases. A memset call with a pointer to volatile should be
sufficient, though we probably don't want all key data to be volatile
everywhere.
Changing krb5_free_keyblock isn't enough; we should also zap key
schedules, ASN.1 buffers that hold key data, etc.