Vulnerability Development mailing list archives

RE: Software leaves encryption keys, passwords lying around in memory


From: Michael Wojcik <Michael.Wojcik () microfocus com>
Date: Wed, 30 Oct 2002 11:48:30 -0800

From: pgut001 () cs auckland ac nz [mailto:pgut001 () cs auckland ac nz]
Sent: Wednesday, October 30, 2002 11:12 AM

The problem he points out is that clearing sensitive 
information such as encryption keys from memory may not work as
expected because an optimising compiler removes the memset() if
it decides it's redundant.


setmem.c:

        #include <stddef.h>
        #include <string.h>
        void *setmem(void *s, int c, size_t n)
           {return memset(s, c, n);}

other modules:

        #include <stddef.h>
        #include <string.h>
        extern void *setmem(void *, int, size_t);

and replace sensitive-data memset with setmem.  It's an external function,
so only compilers that can eliminate zero-effect code across translation
units can remove the call.

No "tricks" required, and it'll work with every compiler I'm familiar with,
for the price of one or two function calls.  (Two in the case where the
original memset could have been inlined, but typically the amount of
sensitive data being cleared is negligible.)

If you don't want to edit source, and memset performance isn't absolutely
critical, you can just -Dmemset=setmem when compiling existing source and
link with setmem.o (modulo development environment conventions of course).

Michael Wojcik
Principal Software Systems Developer, Micro Focus
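
Added example, not part of the original post: the message notes that a compiler able to optimise across translation units can still remove the call. This variant goes beyond the post by routing setmem() through a volatile function pointer, a different technique from the separate-module wrapper, so the call cannot be proven to have no effect even under whole-program optimisation. The names memset_ptr, count_nonzero and derive_use_wipe, the toy key derivation and the passphrase are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Volatile pointer to memset: the pointer must be re-read at every call, so
   the compiler cannot assume the callee is memset and drop the "dead" store. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

/* Same signature as the post's setmem(), so -Dmemset=setmem still applies. */
void *setmem(void *s, int c, size_t n)
{
    return memset_ptr(s, c, n);
}

/* Number of non-zero bytes left in buf; 0 means fully cleared. */
size_t count_nonzero(const unsigned char *buf, size_t n)
{
    size_t i, left = 0;
    for (i = 0; i < n; i++)
        if (buf[i] != 0)
            left++;
    return left;
}

/* Constructed demo: fill a local key buffer, use it, clear it, and report
   how many key bytes survive. The derivation is a toy, not a real KDF. */
size_t derive_use_wipe(const char *pass, unsigned *tag_out)
{
    unsigned char key[32];
    size_t i, len = strlen(pass);
    unsigned tag = 0;
    if (len == 0)
        len = 1;                      /* empty input: reads only the NUL */
    for (i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(pass[i % len] ^ (i * 31 + 7));
    for (i = 0; i < sizeof key; i++)
        tag = tag * 33 + key[i];      /* stand-in for using the key */
    *tag_out = tag;
    setmem(key, 0, sizeof key);       /* last write before key goes out of scope */
    /* Reading the buffer back is for the demo only; in real code nothing
       reads key again, which is what makes a plain memset removable. */
    return count_nonzero(key, sizeof key);
}

int main(void)
{
    unsigned tag;
    printf("key bytes left after clearing: %lu\n",
           (unsigned long)derive_use_wipe("constructed passphrase", &tag));
    return 0;
}
```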

