However, this is not true for data structures that are located on the heap. In many cases OpenSSL provides functions that allow a buffer to be reused: XXX_init(), XXX_cleanup(), XXX_free(). This is true for several data structures. By replacing memset() with OPENSSL_cleanse() in the XXX_cleanup() function, we have a problem when the data structure contains pointers to additional heap allocations.

Hmm, so OpenSSL is depending on NULL being all-bytes-zero. :)

Probably a safe assumption, although theoretically you shouldn't do that.

But this does make me think that perhaps a better approach is to have a bunch of static instances:

    static const X509_STORE_CTX nil_x509_store_ctx;   /* zero-initialised */
    static const RSA nil_RSA;
    ...
etc.

Then OPENSSL_cleanse is

    /* Overwrite *dest with the contents of the static nil instance *in.
     * Copying byte by byte through volatile pointers (rather than calling
     * memcpy() on volatile arguments, which does not compile cleanly) also
     * stops the compiler from dropping the stores as dead writes. */
    void OPENSSL_cleanse2(volatile void *dest, const volatile void *in, size_t s)
    {
        volatile unsigned char *d = (volatile unsigned char *)dest;
        const volatile unsigned char *src = (const volatile unsigned char *)in;

        while (s--)
            *d++ = *src++;
        /* play usual "force used" tricks here */
    }

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]

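The two approaches discussed in this thread side by side, as an added example that is not code from OpenSSL or from either poster: a toy structure owning a heap buffer is cleaned up once with a pattern-filling cleanse (illustrating why a non-zero fill leaves pointer members as garbage) and once by copying a static nil instance over it, as the reply proposes. The struct name toy_ctx, the helper names and the sample key are all constructed for this example; cleanse_pattern is a sketch of the idea, not OpenSSL's actual OPENSSL_cleanse().

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative object: a secret plus a pointer to a separately heap-allocated
 * buffer, mirroring OpenSSL structures that own other allocations. */
typedef struct {
    unsigned char key[16];
    unsigned char *extra;      /* heap allocation owned by this object */
    size_t extra_len;
} toy_ctx;

/* The "nil" instance proposed in the thread: statically zero-initialised, so
 * every pointer member is a genuine null pointer whatever NULL's bit pattern. */
static const toy_ctx nil_toy_ctx;

/* Pattern-based cleanse (illustration only, not OpenSSL's code): overwrite
 * through a volatile pointer so the compiler cannot drop the stores.  Each
 * byte is 0xA5 ^ (len & 0x7F), which is never zero, so a pointer member
 * inside the region ends up as non-NULL garbage. */
static void cleanse_pattern(void *ptr, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)ptr;
    while (len--)
        *p++ = (unsigned char)(0xA5 ^ (len & 0x7F));
}

/* OPENSSL_cleanse2 as sketched in the reply: copy a template over the live
 * object through volatile pointers.  Secrets are overwritten and pointer
 * members take the template's NULL values. */
static void cleanse2(volatile void *dest, const volatile void *in, size_t s)
{
    volatile unsigned char *d = (volatile unsigned char *)dest;
    const volatile unsigned char *src = (const volatile unsigned char *)in;
    while (s--)
        *d++ = *src++;
}

static int toy_ctx_init(toy_ctx *c, const unsigned char key[16], size_t extra_len)
{
    memcpy(c->key, key, 16);
    c->extra = malloc(extra_len);
    if (c->extra == NULL)
        return 0;
    memset(c->extra, 0x42, extra_len);
    c->extra_len = extra_len;
    return 1;
}

/* Cleanup with the pattern cleanse: the owned buffer is wiped and freed, but
 * the struct is left holding a non-NULL dangling extra pointer, so a second
 * cleanup (or a free-based XXX_free) would operate on garbage. */
static void toy_ctx_cleanup_pattern(toy_ctx *c)
{
    if (c->extra != NULL) {
        cleanse_pattern(c->extra, c->extra_len);
        free(c->extra);
    }
    cleanse_pattern(c, sizeof(*c));
}

/* Cleanup with the template copy: same wipe of the owned buffer, then the
 * struct is reset to nil_toy_ctx, leaving c->extra == NULL so the object can
 * be cleaned up again or re-initialised safely. */
static void toy_ctx_cleanup_template(toy_ctx *c)
{
    if (c->extra != NULL) {
        cleanse_pattern(c->extra, c->extra_len);
        free(c->extra);
    }
    cleanse2(c, &nil_toy_ctx, sizeof(*c));
}

/* Constructed sample key; every byte is below 0x80 so it differs from the
 * pattern bytes, whose top bit is always set. */
static const unsigned char demo_key[16] = {
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };

/* Returns 1 if the pattern cleanse wiped the key but left a non-NULL extra
 * pointer behind (the problem described in the thread); -1 on malloc failure. */
static int pattern_cleanup_leaves_dangling_pointer(void)
{
    toy_ctx c;
    if (!toy_ctx_init(&c, demo_key, 32))
        return -1;
    toy_ctx_cleanup_pattern(&c);
    return memcmp(c.key, demo_key, 16) != 0 && c.extra != NULL;
}

/* Returns 1 if the template cleanup wiped the key, reset extra to a real NULL,
 * and a second cleanup was a harmless no-op; -1 on malloc failure. */
static int template_cleanup_nulls_pointer(void)
{
    toy_ctx c;
    if (!toy_ctx_init(&c, demo_key, 32))
        return -1;
    toy_ctx_cleanup_template(&c);
    int wiped = memcmp(c.key, demo_key, 16) != 0 && c.extra == NULL;
    toy_ctx_cleanup_template(&c);   /* extra is NULL, so nothing is freed twice */
    return wiped && c.extra == NULL && c.extra_len == 0;
}

int main(void)
{
    printf("pattern cleanse leaves dangling pointer: %d\n",
           pattern_cleanup_leaves_dangling_pointer());
    printf("template cleanse yields NULL pointer:    %d\n",
           template_cleanup_nulls_pointer());
    return 0;
}
```

The template copy only helps for structures with a static nil instance of the same size; the owned heap buffer in the example is still wiped with a plain overwrite before free(), since no fixed-size template exists for it.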