portable method to zeroize memory when destroying a mpz number
Vincent Lefevre
vincent at vinc17.net
Thu Mar 20 21:52:12 UTC 2014
On 2014-03-20 20:24:24 +0100, Vicente Benjumea wrote:
> On 2014-03-20, Vincent Lefevre wrote:
> > Are you sure that memset is safe? AFAIK, the C implementation
> > could have some optimization to do nothing if it knows that
> > the memory will never be read in the context of the C virtual
> > machine.
>
> I'm not aware of any posible optimization on this. Thanks for the point.
If the memory is free'd just after, the memset could be skipped.
> > And what if the data have been stored in some swap space?
>
> It could be managed by calls to
>
> int mlock(const void *addr, size_t len);
If you know the addr and len information, you don't need a GMP
function to zero the memory.
> > IMHO, you should use your own memory interface.
>
> I agree. It is, perhaps, the safer way to follow. Although it requires
> to me to add an initialization function to my library.
>
> Also, in this approach, the "zeroization" would apply to every number. I
> don't know if it would be possible to apply "zeroization" selectively
> only to some numbers.
With your own interface, you could get all the information about
memory allocations, so that it should theoretically be possible
to zero only what you need. But there are drawbacks: with a
reallocation, you wouldn't be able to free and reuse the old
allocation immediately, in case it would need to be zeroed.
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the gmp-discuss
mailing list