[PATCH] Crypto EC - avoids possible memset compiler optimisation

Adam Petcher adam.petcher at oracle.com
Mon Jan 8 16:30:31 UTC 2018

On 1/8/2018 10:13 AM, David CARLIER wrote:

> Hi,
> Here is a little patch proposal, which is usually relevant in 
> cryptographic matters. Usually memset/bzero/... is used to clear 
> private structures, but the compiler can possibly optimize those calls 
> away; with this change we can ensure sensitive data is properly zeroed 
> using, if possible, native calls or a memory fence.

SunEC doesn't really make an effort to zeroize sensitive data, and all 
of the memset operations except for one (line 418) operate on memory 
that is not sensitive. While the patch is a relatively simple change 
that probably doesn't hurt anything, it doesn't seem to me like this 
improvement is particularly valuable. Perhaps it would be more valuable 
along with a larger improvement to make SunEC zeroize all intermediate 
values. Though this would be a much larger undertaking, and it still may 
not be useful on its own because the Java code in the provider also 
holds some sensitive values.

> Kind regards.
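The optimisation the patch is guarding against is dead-store elimination: when a buffer is never read after the memset() that clears it (typically because it is a local about to go out of scope), the compiler may legally drop the memset. The following is an added example for this thread, not code from SunEC or from the proposed patch. The function names secure_zero, is_all_zero, naive_use_and_clear and secure_use_and_clear are chosen here for illustration. It prefers a platform call built for the purpose where one is declared (SecureZeroMemory on Windows, C11 Annex K memset_s where the libc advertises __STDC_LIB_EXT1__) and otherwise falls back to writes through a volatile pointer followed by a compiler barrier with a "memory" clobber, which is the "native calls or memory fence" choice the patch describes. glibc 2.25+ and the BSDs also offer explicit_bzero, which is not called here to keep the example portable.

```c
/*
 * Added example for this thread; not code from SunEC or from the patch
 * under discussion. Shows why a plain memset() on a dying buffer may be
 * removed by the optimiser, and a portable way to keep the zeroing.
 */
#define __STDC_WANT_LIB_EXT1__ 1   /* request C11 memset_s where available */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Naive pattern: `key` is dead after the memset, so at -O2 the compiler is
 * entitled to delete the memset (dead-store elimination). Compare the
 * disassembly of this function at -O0 and -O2 to see the call vanish. */
int naive_use_and_clear(const uint8_t *secret, size_t secret_len)
{
    uint8_t key[32];
    int acc = 0;
    if (secret_len == 0)
        return 0;
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = secret[i % secret_len] ^ (uint8_t)i;
    for (size_t i = 0; i < sizeof key; i++)
        acc += key[i];
    memset(key, 0, sizeof key);          /* may not survive optimisation */
    return acc;
}

/* Zeroing the optimiser must keep. Platform calls first; otherwise write
 * through a volatile pointer (each store is a side effect the compiler may
 * not drop) and finish with a barrier telling it the memory is observed. */
void secure_zero(void *p, size_t n)
{
#if defined(_WIN32)
    SecureZeroMemory(p, n);
#elif defined(__STDC_LIB_EXT1__)
    memset_s(p, n, 0, n);
#else
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
#if defined(__GNUC__) || defined(__clang__)
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
#endif
}

/* Returns 1 if every byte in [p, p+n) is zero, else 0. Constant-time
 * accumulate, so the result does not leak where the first non-zero byte is. */
int is_all_zero(const void *p, size_t n)
{
    const unsigned char *b = (const unsigned char *)p;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= b[i];
    return acc == 0;
}

/* Fills a local buffer with a constructed non-zero pattern, clears it with
 * secure_zero and reports whether the clear took effect (1 = yes, 0 = no or
 * n too large for the buffer). */
int secure_use_and_clear(size_t n)
{
    uint8_t buf[128];
    if (n > sizeof buf)
        return 0;
    for (size_t i = 0; i < n; i++)
        buf[i] = (uint8_t)(0xA5 ^ i);
    secure_zero(buf, n);
    return is_all_zero(buf, n);
}

int main(void)
{
    const uint8_t secret[] = "constructed-sample-secret";   /* constructed input */
    printf("naive checksum: %d\n", naive_use_and_clear(secret, sizeof secret - 1));
    printf("secure clear of 64 bytes ok: %d\n", secure_use_and_clear(64));
    return 0;
}
```

To see the difference the patch cares about, build once with -O0 and once with -O2 and disassemble (for example with objdump -d): the memset in naive_use_and_clear is typically present only in the unoptimised build, while the volatile loop in secure_zero survives both. This addresses only the native side; as the reply above notes, values held in Java objects are a separate problem that no C-level change solves.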
