Rich Salz <[EMAIL PROTECTED]> writes:

>Is this really something that OpenSSL should be concerned about?   I mean, is
>it really trying to make itself safe from someone reading /dev/mem, /dev/swap,
>or the random swap blocks on the C: drive?

In other words "It's good enough for Microsoft work"? :-).  If someone can read
/dev/mem you're toast anyway, what this is doing is avoiding the problem of
leaving pieces of private keys floating around all over memory.  Currently the
bignum code takes care to zeroise bignums after they're no longer needed in all
locations *except* when realloc() is called; I see this as a hole in its
security if situations can occur where the zeroisation is bypassed.

Peter.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
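
The realloc() gap described in the message above, as an added example that is not part of the original post and is not OpenSSL's code: when a buffer is moved to a new block, the old block goes back to the allocator with the key bytes still in it unless it is wiped first. The names `wiping_realloc`, `secure_zero`, `leftover_key_bytes`, the allocator hooks and the demo arena are hypothetical, and the 16-byte "key" is constructed.

```c
#include <stdlib.h>
#include <string.h>
/* Allocator hooks: default to libc; the demo swaps in an arena it can inspect. */
static void *(*alloc_fn)(size_t) = malloc;
static void (*free_fn)(void *) = free;

/* Clear through a volatile pointer so the compiler cannot drop the stores. */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Resize a sensitive buffer: always move the data, then wipe the old block
 * before freeing it. old_len is needed; C cannot portably query a block's size. */
void *wiping_realloc(void *old, size_t old_len, size_t new_len, int wipe) {
    void *fresh = alloc_fn(new_len);
    if (fresh == NULL) return NULL;          /* old block left intact, like realloc() */
    if (old != NULL) {
        memcpy(fresh, old, old_len < new_len ? old_len : new_len);
        if (wipe) secure_zero(old, old_len); /* wipe=0 models realloc() moving a block */
        free_fn(old);
    }
    return fresh;
}

/* Constructed demo arena with a no-op free, so the old block can be inspected. */
static unsigned char arena[256];
static size_t arena_used;
static void *arena_alloc(size_t n) {
    void *p;
    if (n > sizeof arena - arena_used) return NULL;
    p = arena + arena_used; arena_used += n; return p;
}
static void arena_free(void *p) { (void)p; }

/* Returns how many bytes of a constructed 16-byte "key" remain in the old block. */
size_t leftover_key_bytes(int wipe) {
    size_t i, left = 0;
    unsigned char *k, *grown;
    alloc_fn = arena_alloc; free_fn = arena_free; arena_used = 0;
    k = alloc_fn(16);
    memset(k, 0xA5, 16);                     /* stand-in key material */
    grown = wiping_realloc(k, 16, 32, wipe);
    for (i = 0; i < 16; i++) left += (k[i] == 0xA5);
    if (grown == NULL || grown[0] != 0xA5) left = (size_t)-1;
    alloc_fn = malloc; free_fn = free;       /* restore libc for normal use */
    return left;
}
```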
