Purpose of _gcry_burn_stack
Adam Langley
agl at imperialviolet.org
Wed May 28 21:52:54 CEST 2008
On Wed, May 28, 2008 at 11:21 AM, Michael Gorven <michael at gorven.za.net> wrote:
> I am using parts of libgcrypt in my implementation of LUKS support in GRUB2.
> Most of the ciphers have a number of calls to _gcry_burn_stack, but I can't
> figure out what exactly this does. It doesn't affect the operation of the
> ciphers (I currently have it commented out). What is the purpose of this
> function, and can I leave it out?
The source to this function can be seen at the end of [1].
What it's going is clearing some number of bytes from the stack.
Consider the following code:
void inner() {
char buffer[32];
fill_buffer_with_secret_key(buffer);
}
void outer() {
inner()
/* (1) */
}
Now, at point (1) the secret key is still in memory - on the stack.
_gcry_burn_stack will zero that out.
[1] http://www.google.com/codesearch?hl=en&q=+_gcry_burn_stack+show:Fy9qBXkJCU8:yt2DAu8VuEs:bl3DScJ85K4&sa=N&cd=1&ct=rc&cs_p=ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.1.44.tar.gz&cs_f=libgcrypt-1.1.44/src/misc.c
AGL
--
Adam Langley agl at imperialviolet.org http://www.imperialviolet.org
More information about the Gcrypt-devel
mailing list