Zero an mpz_t?

David Gillies daggillies at gmail.com
Mon Dec 19 23:38:20 CET 2011


On Mon, Dec 19, 2011 at 4:52 AM, Marc Glisse <marc.glisse at inria.fr> wrote:
> On Mon, 19 Dec 2011, James Barlow-Bignell wrote:
>
>> I have requirements to zero cryptographic 'secrets' represented by mpz_t
>> types. I'll have a look through the internal functions and see if I can
>> access the memory from there.
>
>
> If you don't want to leave secrets lying around, you probably need to use
> your own allocator (so that realloc and free calls zero the data), so you
> might as well reuse that and just call mpz_clear to erase data. Note that
> gmp may also write quite a bit of data on the stack unless you disable the
> use of alloca.
>

A custom allocator also lets you sidestep the problem of paging.
Assuming you're on some sort of POSIX/SVR4 system then you'll probably
want to mlock()/munlock() the allocated space to stop it being paged
out to swap. I'm not sure if you want to go the extra paranoid step
and make sure L2 cache is flushed prior to unlocking pages.

-- 
David Gillies
San Jose
Costa Rica
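An added example, not code from this thread or from GMP, of the allocator both replies describe: an alloc/realloc/free trio with the signatures GMP's mp_set_memory_functions expects, which wipes blocks before releasing them and pins them with mlock(). The function names are my own; GMP is not linked here, so the registration call appears only in a comment.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Zero through a volatile pointer so the stores are not optimised away
   as dead writes to memory that is about to be freed. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}
/* alloc_func_ptr: pin the block so the limbs are not paged out to swap
   (best effort: mlock() fails under a low RLIMIT_MEMLOCK). */
static void *secret_alloc(size_t n) {
    void *p = malloc(n);
    if (p == NULL) abort();
    (void)mlock(p, n);
    return p;
}
/* free_func_ptr: GMP passes the size, so the block can be wiped first. */
static void secret_free(void *p, size_t n) {
    secure_wipe(p, n);
    (void)munlock(p, n);
    free(p);
}
/* realloc_func_ptr: plain realloc() may move the limbs and leave the old
   copy behind, so copy by hand and wipe the old block. */
static void *secret_realloc(void *p, size_t old_n, size_t new_n) {
    void *q = secret_alloc(new_n);
    memcpy(q, p, old_n < new_n ? old_n : new_n);
    secret_free(p, old_n);
    return q;
}
/* Self-check on constructed data: growth keeps the bytes, wipe zeroes them. */
int allocator_selfcheck(void) {
    unsigned char *s = secret_alloc(8);
    memset(s, 0xA5, 8);
    s = secret_realloc(s, 8, 32);
    int ok = (s[0] == 0xA5 && s[7] == 0xA5);
    secure_wipe(s, 32);
    for (size_t i = 0; i < 32; i++) ok &= (s[i] == 0);
    secret_free(s, 32);
    return ok;
}
int main(void) {
    /* With GMP linked, install the trio before the first mpz_init():
       mp_set_memory_functions(secret_alloc, secret_realloc, secret_free); */
    return allocator_selfcheck() ? 0 : 1;
}
```

mlock() works at page granularity, so locking individual heap blocks is coarse; a production allocator would carve secrets from a page-aligned mmap() pool, and the stack copies Marc mentions still require building GMP with its --enable-alloca=no configure option.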

