Hello,

On December 9, 2002 01:17 am, Wirta Ville wrote:
> Just a humble opinion on that problem. How about adding a normal
> memset to be the last action that OPENSSL_cleanse() does? Would that
> make any kind of sense or improvement? That way the compiler would have
> to make sure OpenSSL can safely expect to find a NULL from a memset'ed
> pointer field? There may or may not actually be NULL values, but that
> doesn't matter because OPENSSL_cleanse() has already put some random
> data in there. ...Or is this too simple an idea to ever work? :-)

One obvious point is that OPENSSL_cleanse() serves two purposes:
  (1) intertwine the input/output dependencies of the "cleanse" logic with
      "malloc" so that compilers can't just throw the operation away.
  (2) sanitise memory

Adding a memset after the cleanse() destroys (1) ... the compiler knows 
that no matter what we do, the memory ends up blanked anyway so it may 
start to optimise stuff away (including possibly the memset as well). 
Also, memset(,0,) is not the best memory sanitisation one can manage - 
and arguably we should perhaps make OPENSSL_cleanse() configurable so 
that it can be looped more than once. If you allow that loop count to be 
set to zero then that could provide an option for disabling memory 
sanitisation altogether if people don't care... hmm. 

Anyway, w.r.t. adding a memset - I can't see how that improves anything 
and can see possibilities for it breaking things.

Cheers,
Geoff

-- 
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/

The bastards have beaten off rationalism for now, but haven't eliminated 
our capacity for reason - to do that they'd have to make us forget how
to both think and fear at the same time.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
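The dead-store problem Geoff describes above, illustrated with added example code that is not from the thread and not OpenSSL's own OPENSSL_cleanse() implementation: a memset() right before free() is a store to memory that is dead afterwards, so an optimising compiler may legally drop it. The version below uses a different, also standard technique (every byte written through a volatile pointer, so each store is an observable side effect the compiler must emit) rather than OpenSSL's malloc-dependency trick, and it adds the configurable pass count Geoff floats, with zero passes disabling sanitisation. The names g_cleanse_passes, example_cleanse, demo_cleanse and the 32-byte sample key are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical knob: number of overwrite passes. 0 disables sanitisation,
 * the "loop count set to zero" option mentioned in the thread. */
static unsigned g_cleanse_passes = 3;

/* Naive version, kept for contrast only: the buffer is dead after free(),
 * so a compiler may treat this memset as a dead store and remove it. */
static void naive_cleanse_and_free(void *p, size_t n)
{
    memset(p, 0, n);
    free(p);
}

/* Overwrite n bytes through a volatile pointer. Each store is a side
 * effect the compiler must perform, so the loop survives optimisation
 * even when the buffer is freed or goes out of scope immediately after. */
static void volatile_fill(void *p, size_t n, unsigned char v)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = v;
}

/* Multi-pass cleanse: alternating bit patterns, then a final zero pass.
 * With g_cleanse_passes == 0 nothing is written at all. */
void example_cleanse(void *p, size_t n)
{
    static const unsigned char pattern[] = { 0xFF, 0xAA, 0x55 };
    unsigned i;

    if (p == NULL || n == 0 || g_cleanse_passes == 0)
        return;
    for (i = 0; i + 1 < g_cleanse_passes; i++)
        volatile_fill(p, n, pattern[i % sizeof pattern]);
    volatile_fill(p, n, 0x00);
}

/* Returns how many bytes of buf differ from expected (0 means fully cleansed). */
size_t count_mismatch(const unsigned char *buf, size_t n, unsigned char expected)
{
    size_t bad = 0, i;
    for (i = 0; i < n; i++)
        bad += (buf[i] != expected);
    return bad;
}

/* Constructed 32-byte "key" (0xA5 ^ index, never zero for index < 32),
 * cleansed in place with the given pass count. Returns the number of
 * bytes that still hold non-zero data: 0 when cleansed, 32 when disabled. */
size_t demo_cleanse(unsigned passes)
{
    unsigned char key[32];
    size_t i;

    for (i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(0xA5 ^ i);
    g_cleanse_passes = passes;
    example_cleanse(key, sizeof key);
    return count_mismatch(key, sizeof key, 0x00);
}

int main(void)
{
    unsigned char *heap_secret = malloc(64);

    if (heap_secret == NULL)
        return 1;
    memset(heap_secret, 0x42, 64);          /* constructed secret material */
    example_cleanse(heap_secret, 64);       /* volatile stores: kept */
    free(heap_secret);

    heap_secret = malloc(64);
    if (heap_secret == NULL)
        return 1;
    naive_cleanse_and_free(heap_secret, 64); /* memset may be elided */

    printf("3 passes: %zu bytes left, 0 passes: %zu bytes left\n",
           demo_cleanse(3), demo_cleanse(0));
    return 0;
}
```

The check that matters is not the one this program can run on itself: to confirm the compiler really kept the overwrite, build with optimisation and inspect the object code (for example, objdump -d on the translation unit and look for the store loop, or a call to memset, before the call to free). The volatile approach is only one way to keep the stores alive; the thread's point (1) describes another, tying the cleanse's inputs and outputs to the allocator so the compiler cannot prove them unused.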