On 1/8/2018 10:13 AM, David CARLIER wrote:
> Hi,
> Here is a little patch proposal which is usually relevant in
> cryptographic matters. Usually memset/bzero/... is used to clear
> private structures, but the compiler can possibly optimize those calls
> away; with this change we can ensure sensitive data is properly zeroed
> using, if possible, native calls or a memory fence.
SunEC doesn't really make an effort to zeroize sensitive data, and all
of the memset operations except for one (line 418) operate on memory
that is not sensitive. While the patch is a relatively simple change
that probably doesn't hurt anything, it doesn't seem to me like this
improvement is particularly valuable. Perhaps it would be more valuable
along with a larger improvement to make SunEC zeroize all intermediate
values. Though this would be a much larger undertaking, and it still may
not be useful on its own because the Java code in the provider also
holds some sensitive values.
Kind regards.
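The dead-store problem the thread is about, as an added example in C (this is illustration code, not the SunEC patch under review and not OpenJDK code): a toy keyed function that wipes its local key with a plain memset(), which the optimizer may drop, beside two wipe routines that survive optimization. The "MAC" computation, the secret bytes and the function names are constructed for the example.

```c
/* Added example, not from the SunEC patch or OpenJDK. Shows why a plain
 * memset() of a secret before it goes out of scope can be removed as a
 * dead store, and two portable ways to wipe memory that survive -O2.
 * Build: cc -O2 -Wall zeroize.c && ./a.out */
#define __STDC_WANT_LIB_EXT1__ 1   /* ask for C11 Annex K memset_s, if present */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1. The problem. `key` is never read after the memset, so the compiler
 *    may treat the store as dead and remove it; the secret then stays on
 *    the stack until something else overwrites it. */
static uint32_t mac_unsafe(const uint8_t *secret, size_t n, uint8_t msg)
{
    uint8_t key[32] = {0};
    uint32_t tag = 0;
    memcpy(key, secret, n < sizeof key ? n : sizeof key);
    for (size_t i = 0; i < sizeof key; i++)
        tag = (tag << 1) ^ key[i] ^ msg;     /* toy "MAC", constructed */
    memset(key, 0, sizeof key);              /* may be optimized away */
    return tag;
}

/* 2a. Volatile byte stores plus a compiler barrier. The volatile cast forces
 *     each store to be emitted; the empty asm with a "memory" clobber tells
 *     GCC/Clang that memory may be read afterwards, so the stores are not
 *     dead. Other compilers fall back to the volatile loop alone. */
void secure_zero(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--)
        *vp++ = 0;
#if defined(__GNUC__) || defined(__clang__)
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

/* 2b. Call memset through a volatile function pointer: the compiler cannot
 *     prove which function will be called, so it cannot elide the call.
 *     Where the platform provides memset_s (or explicit_bzero), prefer it;
 *     memset_s is used here when the C11 Annex K extension is available. */
static void *(*volatile memset_ptr)(void *, int, size_t) = memset;

void secure_zero_fnptr(void *p, size_t n)
{
#ifdef __STDC_LIB_EXT1__
    memset_s(p, n, 0, n);
#else
    memset_ptr(p, 0, n);
#endif
}

/* Hardened counterpart of mac_unsafe: same computation, reliable wipe. */
static uint32_t mac_safe(const uint8_t *secret, size_t n, uint8_t msg)
{
    uint8_t key[32] = {0};
    uint32_t tag = 0;
    memcpy(key, secret, n < sizeof key ? n : sizeof key);
    for (size_t i = 0; i < sizeof key; i++)
        tag = (tag << 1) ^ key[i] ^ msg;
    secure_zero(key, sizeof key);
    return tag;
}

/* Helpers used by the demo below. */
size_t nonzero_bytes(const uint8_t *p, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        count += (p[i] != 0);
    return count;
}

/* Fill a caller-visible buffer with a constructed secret, wipe it with the
 * chosen routine, and report how many non-zero bytes remain (expect 0). */
size_t demo_wipe(int use_fnptr)
{
    uint8_t buf[48];
    memset(buf, 0xA5, sizeof buf);           /* constructed "secret" */
    if (use_fnptr)
        secure_zero_fnptr(buf, sizeof buf);
    else
        secure_zero(buf, sizeof buf);
    return nonzero_bytes(buf, sizeof buf);
}

/* Both MAC variants must compute the same tag: the wipe must not change
 * the result, only what is left behind on the stack. */
int demo_mac_agrees(void)
{
    static const uint8_t secret[16] = "constructed-key!";
    return mac_unsafe(secret, sizeof secret, 0x42) ==
           mac_safe(secret, sizeof secret, 0x42);
}

int main(void)
{
    printf("secure_zero left %zu non-zero bytes\n", demo_wipe(0));
    printf("secure_zero_fnptr left %zu non-zero bytes\n", demo_wipe(1));
    printf("mac_safe agrees with mac_unsafe: %d\n", demo_mac_agrees());
    return 0;
}
```

Note that a test like demo_wipe can only show the wipe routines are correct, not that the unsafe memset was actually dropped; to see the elimination, compile mac_unsafe with -O2 and inspect the generated assembly for the missing stores. As the reply above points out, a native wipe also does nothing for copies of the same secret held on the Java side.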