[dm-crypt] unsafe??? use of memset
gmazyland at gmail.com
Tue Dec 30 15:26:02 CET 2014
On 12/30/2014 02:57 PM, .. ink .. wrote:
> a lot of people like this one advises against the use of memset to clear memory but crypsetup seems to
> ignore this advice and use memset a lot like in.
> Any reason why cryptseup is ignoring this advice?
Why ignore? It worked with old compilers (and VC is not the issue here).
This is opensource, so I usually respond with "send a patch" to these messages...
But actually I have patch for that for weeks. I have just another issues which have
unfortunately much higher priority in my life and I am not going commit half-baked patch.
I fixed it is kernel dmcrypt, there we can use memzero_explicit()
Cryptsetup will follow (hopefully soon with other fixes).
And it is nothing critical.
There is a nice description of problem
Actually I want to replace zero memset with zero it with code used in BLAKE2.
It is simple and should work.
static inline void secure_zero_memory(void *v, size_t n)
volatile uint8_t *p = (volatile uint8_t *)v;
while(n--) *p++ = 0;
>  https://code.google.com/p/cryptsetup/source/browse/lib/tcrypt/tcrypt.c#272
>  http://edc.tversu.ru/elib/inf/0088/0596003943_secureprgckbk-chp-13-sect-2.html
More information about the dm-crypt