Cryptography Reference
In-Depth Information
And what does the compiler make of this (Microsoft Visual C/C++ 6.0, compilation with cl -c -FAs -O2)?

        PUBLIC  _f
        ;       COMDAT _f
        _TEXT   SEGMENT
        _key_l$ = -516
        _secret$ = -520
        _f      PROC NEAR                       ; COMDAT
        ; 5    :   CLINT key_l;
        ; 6    :   USHORT secret;
                ...
        ; 18   :   /* overwrite the variables */
        ; 19   :   secret = 0;
        ; 20   :   memset (key_l, 0, sizeof (key_l));
        ; 21   :   return 0;
                xor     eax, eax
        ; 22   : }
                add     esp, 532                ; 00000214H
                ret     0
        _f      ENDP
        _TEXT   ENDS
The assembler code generated by the compiler shows that the statements meant to erase the variables key_l and secret have been dropped entirely: between the source-line comments for lines 19 and 20 and the xor eax, eax that implements return 0, no store to either variable is emitted. From the point of view of optimization this is the desired result, since neither variable is read again before the function returns (dead-store elimination). Even the inline version of memset() is simply optimized away. For security-critical applications, however, this strategy is too clever: the key and the secret remain in the abandoned stack frame after f() returns, where they can be exposed by later code, a core dump, or a memory-disclosure bug. The active deletion of security-critical variables by overwriting must therefore be implemented in such a way that it is actually carried out.
One should note that assertions are no help in checking the effectiveness of such code. An assert(secret == 0) placed after the overwrite reads the variable, which forces the compiler to execute the erasing code, so the check passes. When the assertions are turned off (NDEBUG), the read disappears and the optimization is back in effect. The only reliable check is to inspect the generated code, as done above.
For the FLINT/C package the following function is implemented. It accepts a variable number of arguments and, according to their size, either treats them as standard integer types and sets them to 0, or for other data structures calls memset() and lets it do the overwriting:
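The FLINT/C function itself is not reproduced on this page. The following is an added example, not the FLINT/C code and not from the book, showing one way to write such a variadic purge routine so that the overwrites survive -O2. The names (secure_zero, purge_vars, all_zero, f_like, demo_purge, purge_self_check) and the stand-in sizes for CLINT and USHORT are assumptions made for the example. The guarantee comes from writing through a volatile pointer: a volatile store is an observable side effect in the C abstract machine, so the compiler must emit it even when the object is never read again.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Zero n bytes at p through a volatile pointer. Unlike a plain memset()
 * before return, these stores cannot be removed as dead. */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Zero a variable number of objects passed as (size_t size, void *ptr)
 * pairs. Deliberately not specialised by size (hypothetical design): a
 * single 2-, 4- or 8-byte store would be wrong for a char buffer that
 * merely happens to have that size and a weaker alignment, and the byte
 * loop above is already immune to elimination. */
void purge_vars(int count, ...)
{
    va_list ap;
    va_start(ap, count);
    while (count-- > 0) {
        size_t size = va_arg(ap, size_t);
        void *ptr = va_arg(ap, void *);
        if (ptr != NULL)
            secure_zero(ptr, size);
    }
    va_end(ap);
}

/* Read back through a volatile pointer as well; returns 1 if all n bytes
 * are zero. Used only to exercise purge_vars() in the checks below. */
int all_zero(const void *p, size_t n)
{
    const volatile unsigned char *vp = (const volatile unsigned char *)p;
    unsigned char acc = 0;
    while (n--)
        acc |= *vp++;
    return acc == 0;
}

/* Same shape as f() in the listing: fill, use, purge, return 0, with no
 * read after the purge. Compile with optimisation and look at the
 * assembly (cl -FAs -O2, gcc -O2 -S); the byte stores remain. */
int f_like(void)
{
    uint16_t key_l[256];   /* stand-in for CLINT key_l (size assumed) */
    uint16_t secret;       /* stand-in for USHORT secret */

    for (size_t i = 0; i < 256; i++)
        key_l[i] = (uint16_t)(0xA5A5u ^ i);
    secret = 0xBEEF;
    /* ... key_l and secret would be used here ... */
    purge_vars(2, sizeof key_l, (void *)key_l, sizeof secret, (void *)&secret);
    return 0;
}

/* Functional check of purge_vars() on the same two objects while they are
 * still in scope. Note that this read forces the stores to be kept, exactly
 * like the assertion discussed above, so it proves only that the routine
 * zeroes what it is given; survival under -O2 is shown by f_like(). */
int demo_purge(void)
{
    uint16_t key_l[256];
    uint16_t secret = 0xBEEF;

    for (size_t i = 0; i < 256; i++)
        key_l[i] = (uint16_t)(0x5A5Au ^ i);
    purge_vars(2, sizeof key_l, (void *)key_l, sizeof secret, (void *)&secret);
    return all_zero(key_l, sizeof key_l) && all_zero(&secret, sizeof secret);
}

/* Objects of assorted sizes and alignments in one call. */
int purge_self_check(void)
{
    unsigned char small[3] = {1, 2, 3};
    uint32_t word = 0xDEADBEEFu;
    unsigned char odd[7] = {9, 9, 9, 9, 9, 9, 9};

    purge_vars(3, sizeof small, (void *)small,
                  sizeof word, (void *)&word,
                  sizeof odd, (void *)odd);
    return all_zero(small, sizeof small) && all_zero(&word, sizeof word)
        && all_zero(odd, sizeof odd);
}

int main(void)
{
    printf("demo_purge: %s\n", demo_purge() ? "zeroed" : "NOT zeroed");
    printf("self check: %s\n", purge_self_check() ? "ok" : "FAILED");
    return f_like();
}
```

Where the platform provides one, a dedicated primitive does the same job and should be preferred: explicit_bzero() on the BSDs and glibc, memset_s() from C11 Annex K where implemented, SecureZeroMemory() on Windows, or OPENSSL_cleanse() when linking OpenSSL. Whatever is used, the check that counts is the one the page performs: compile the function with optimisation and read the generated assembly, not an assertion in the source.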