portable method to zeroize memory when destroying a mpz number
Vicente Benjumea
vicente at lcc.uma.es
Thu Mar 20 19:24:24 UTC 2014
On Thu, 20-03-2014 at 15:33 +0100, Torbjorn Granlund wrote:
> Marc Glisse <marc.glisse at inria.fr> writes:
>
> Best would be for you to use the existing GMP interfaces to replace
> the allocation/deallocation functions and zero memory there.
>
> Alternatively wait a few days for the new GMP release which has a nice
> set of mpn functions specifically designed for cryptography.
>
Thanks, I'll explore both approaches
On 2014-03-20, Vincent Lefevre wrote:
> Are you sure that memset is safe? AFAIK, the C implementation
> could have some optimization to do nothing if it knows that
> the memory will never be read in the context of the C virtual
> machine.
I'm not aware of any possible optimization on this. Thanks for the point.
> And what if the data have been stored in some swap space?
It could be managed by calls to
int mlock(const void *addr, size_t len);
> IMHO, you should use your own memory interface.
I agree. It is, perhaps, the safer way to follow, although it requires
me to add an initialization function to my library.
Also, in this approach, the "zeroization" would apply to every number. I
don't know if it would be possible to apply "zeroization" selectively
only to some numbers.
Thanks a lot
Vicente
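
The approach suggested in the thread (replace GMP's allocation functions and zero memory there), sketched as an added example that is not part of the original message or of GMP's own code. The names secure_zero, zalloc, zrealloc and zfree are hypothetical; the three allocator signatures are the ones GMP's mp_set_memory_functions expects, and the wipe applies to every block GMP allocates.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: clear n bytes with stores through a volatile-qualified
   pointer, which compilers do not remove as dead stores in practice, unlike
   a memset() on memory that is about to be freed. */
static void secure_zero(void *ptr, size_t n)
{
    volatile unsigned char *p = ptr;
    while (n--)
        *p++ = 0;
}

/* GMP expects its allocation functions never to return NULL. */
static void *zalloc(size_t size)
{
    void *p = malloc(size);
    if (p == NULL)
        abort();
    return p;
}

/* GMP passes the block size on free, so the block can be wiped first. */
static void zfree(void *ptr, size_t size)
{
    secure_zero(ptr, size);
    free(ptr);
}

/* Do not call realloc(): it may move the block and release the old copy
   un-wiped. Allocate, copy, then wipe and free the old block. */
static void *zrealloc(void *ptr, size_t old_size, size_t new_size)
{
    void *q = zalloc(new_size);
    memcpy(q, ptr, old_size < new_size ? old_size : new_size);
    zfree(ptr, old_size);
    return q;
}

/* Registration, once, before any mpz_t is initialised (needs <gmp.h>):
       mp_set_memory_functions(zalloc, zrealloc, zfree);               */

int main(void)
{
    unsigned char *limbs = zalloc(16);   /* constructed sample data */
    memset(limbs, 0xA5, 16);
    limbs = zrealloc(limbs, 16, 64);     /* old 16-byte block is wiped */
    int ok = limbs[0] == 0xA5 && limbs[15] == 0xA5;
    zfree(limbs, 64);
    return ok ? 0 : 1;
}
```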