Cryptography Reference
In-Depth Information
static void purgevars_l (int noofvars, ...)
{
va_list ap;
size_t size;
va_start (ap, noofvars);
for (; noofvars > 0; -noofvars)
{
switch (size = va_arg (ap, size_t))
{
case 1:
*va_arg (ap, char *) = 0;
break;
case 2:
*va_arg (ap, short *) = 0;
break;
case 4:
*va_arg (ap, long *) = 0;
break;
default: memset (va_arg(ap, char *), 0, size);
}
}
va_end (ap);
}
The function expects pairs of the form (byte length of the variable, pointer
to the variable) as arguments, prefixed in
noofvars
by the number of such
pairs.
As an extension of this function the macro
PURGEVARS_L()
is defined by
#ifdef FLINT_SECURE
#define PURGEVARS_L(X) purgevars_l X
#else
#define PURGEVARS_L(X) (void)0
#endif /* FLINT_SECURE */
so that security mode can be turned on and off as required. Deletion of the
variables in
f()
can take place as follows:
/* overwrite the variables */
PURGEVARS_L ((2, sizeof (secret), & secret,
sizeof (key_l), key_l));
The compiler cannot ignore the call to this function on the principle
of optimization strategy, which could be accomplished only by an
extraordinarily effective global optimization. In any case, the effect of such
security measures should be checked by means of code inspection:
