Purpose of _gcry_burn_stack

Adam Langley agl at imperialviolet.org
Wed May 28 21:52:54 CEST 2008


On Wed, May 28, 2008 at 11:21 AM, Michael Gorven <michael at gorven.za.net> wrote:
> I am using parts of libgcrypt in my implementation of LUKS support in GRUB2.
> Most of the ciphers have a number of calls to _gcry_burn_stack, but I can't
> figure out what exactly this does. It doesn't affect the operation of the
> ciphers (I currently have it commented out). What is the purpose of this
> function, and can I leave it out?

The source to this function can be seen at the end of [1].

What it's going is clearing some number of bytes from the stack.
Consider the following code:

void inner() {
  char buffer[32];

  fill_buffer_with_secret_key(buffer);
}

void outer() {
  inner()
  /* (1) */
}

Now, at point (1) the secret key is still in memory - on the stack.
_gcry_burn_stack will zero that out.

[1] http://www.google.com/codesearch?hl=en&q=+_gcry_burn_stack+show:Fy9qBXkJCU8:yt2DAu8VuEs:bl3DScJ85K4&sa=N&cd=1&ct=rc&cs_p=ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.1.44.tar.gz&cs_f=libgcrypt-1.1.44/src/misc.c


AGL

-- 
Adam Langley agl at imperialviolet.org http://www.imperialviolet.org



More information about the Gcrypt-devel mailing list