[PATCH] Crypto EC - avoids possible memset compiler optimisation
Adam Petcher
adam.petcher at oracle.com
Mon Jan 8 16:30:31 UTC 2018
On 1/8/2018 10:13 AM, David CARLIER wrote:
> Hi,
>
> Here is a little patch proposal which is usually relevant in
> cryptographic matters. Usually memset/bzero/... is used to clear
> private structures but the compiler can possibly optimize those calls
> away; with this change we can ensure sensitive data is properly zeroed
> using, if possible, native calls or a memory fence.
SunEC doesn't really make an effort to zeroize sensitive data, and all
of the memset operations except for one (line 418) operate on memory
that is not sensitive. While the patch is a relatively simple change
that probably doesn't hurt anything, it doesn't seem to me like this
improvement is particularly valuable. Perhaps it would be more valuable
along with a larger improvement to make SunEC zeroize all intermediate
values. Though this would be a much larger undertaking, and it still may
not be useful on its own because the Java code in the provider also
holds some sensitive values.
>
> Kind regards.
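The memset elision David describes, as an added C example that is neither the patch's nor SunEC's code: naive_use_scalar shows the dead-store pattern an optimiser may drop, secure_wipe the volatile-function-pointer workaround, and all_zero the check a caller can run afterwards; the function names and the 32-byte sample scalar are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* memset called through a volatile function pointer: the compiler must assume
 * the callee is unknown, so the final write to the buffer is not a provably
 * dead store and cannot be dropped. */
static void *(*const volatile secure_memset_fn)(void *, int, size_t) = memset;

void secure_wipe(void *buf, size_t n)
{
    secure_memset_fn(buf, 0, n);
}

/* Constant-time "all bytes zero" check: 1 if so, else 0. */
int all_zero(const uint8_t *buf, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= buf[i];
    return acc == 0;
}

/* Constructed stand-in for an EC private scalar (bytes 1..n) and for the
 * scalar multiplication that consumes it (here just a byte sum). */
static int fill_and_use(uint8_t *scalar, size_t n)
{
    int acc = 0;
    for (size_t i = 0; i < n; i++) { scalar[i] = (uint8_t)(i + 1); acc += scalar[i]; }
    return acc;
}

/* The pattern the patch targets: a local secret wiped with plain memset just
 * before it goes out of scope. Nothing reads `scalar` after the memset, so an
 * optimising compiler may legally delete the wipe (dead-store elimination). */
int naive_use_scalar(void)
{
    uint8_t scalar[32];
    int r = fill_and_use(scalar, sizeof scalar);
    memset(scalar, 0, sizeof scalar);   /* may be optimised away */
    return r;
}

/* Same work, but wiped via secure_wipe; returns 1 if the 32-byte buffer is
 * verifiably zero afterwards and the computation still produced 1+2+...+32. */
int secure_use_scalar(void)
{
    uint8_t scalar[32];
    int r = fill_and_use(scalar, sizeof scalar);
    secure_wipe(scalar, sizeof scalar);
    return r == 528 && all_zero(scalar, sizeof scalar);
}
```

The volatile-pointer trick is portable C; where the platform offers explicit_bzero, memset_s or SecureZeroMemory, those can be substituted inside secure_wipe.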