On Monday, 10 November 2014, 21:55:43, Sandy Harris wrote:

Hi Sandy, Herbert,

> On Sun, Nov 9, 2014 at 5:33 PM, Stephan Mueller <smueller@xxxxxxxxxx> wrote:
> > while working on the AF_ALG interface, I saw no active zeroizations of
> > memory that may hold sensitive data that is maintained outside the kernel
> > crypto API cipher handles. ...
> >
> > I think I found the location for the first one: hash_sock_destruct that
> > should be enhanced with a memset(0) of ctx->result.
>
> See also a thread titled "memset() in crypto code?" on the linux
> crypto list. The claim is that gcc can optimise memset() away so you
> need a different function to guarantee the intended results. There's a
> patch to the random driver that uses a new function
> memzero_explicit(), and one of the newer C standards has a different
> function name for the purpose.

That is a good idea.

Herbert: I can prepare a patch that uses memzero_explicit. However, your
current tree does not yet implement that function as it was added to Linus'
tree after you pulled from it. Shall I now still use memset(0) or prepare a
patch that does not yet compile by using memzero_explicit?

-- 
Ciao
Stephan
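A userspace sketch of the point discussed in this thread, added here as an example and not code from the kernel or from either poster: wiping a hash result in a destructor with a memset() that the compiler cannot discard as a dead store. The names `hash_ctx_demo`, `wipe_explicit`, `RESULT_MAX` and the sample bytes are assumptions, and the barrier uses GCC/Clang inline-asm syntax.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RESULT_MAX 64 /* assumed digest buffer size, not from the thread */
/* Hypothetical stand-in for the socket's hash context and its ctx->result. */
struct hash_ctx_demo {
    unsigned char result[RESULT_MAX];
};

/* Zero n bytes at p so that the optimiser cannot drop the stores. */
void wipe_explicit(void *p, size_t n)
{
    memset(p, 0, n);
    /* Empty asm that takes p as input and clobbers memory: memset must run. */
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Constructed sample data standing in for a computed digest. */
void demo_fill(struct hash_ctx_demo *ctx)
{
    for (size_t i = 0; i < RESULT_MAX; i++)
        ctx->result[i] = (unsigned char)(0xA5 ^ i);
}

/* Destructor path: wipe the result before the memory is released. */
void demo_destruct(struct hash_ctx_demo *ctx)
{
    wipe_explicit(ctx->result, sizeof(ctx->result));
}

/* Count bytes that still hold data, to check the wipe. */
size_t demo_nonzero(const struct hash_ctx_demo *ctx)
{
    size_t n = 0;
    for (size_t i = 0; i < RESULT_MAX; i++)
        n += ctx->result[i] != 0;
    return n;
}

int main(void)
{
    struct hash_ctx_demo ctx;
    demo_fill(&ctx);
    size_t before = demo_nonzero(&ctx);
    demo_destruct(&ctx);
    printf("non-zero bytes: %zu before, %zu after\n", before, demo_nonzero(&ctx));
    return 0;
}
```

A plain memset() on a buffer that is never read again is a candidate for dead-store elimination at -O2, which is why the barrier follows it; C11 Annex K's optional memset_s() serves the same purpose where the C library provides it.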