[PATCH] Wipe potentially sensitive stack memory.

Werner Koch wk at gnupg.org
Sat Jun 12 23:27:07 CEST 2021


On Fri, 11 Jun 2021 20:25, Ben Kibbey said:

> It is used for gpg IO during gpgme_op_decrypt_*() and other app
> engines. Although normally not key material, what remains in the buffer is
> decrypted data which could be anything including key material for some
> other purpose. I didn't push the patch because I wasn't sure what you or

Okay.  Most work will however go into the caller to keep it safe there ;-)

>> BTW, I plan to allow for lager buffers in this function to reduce the
>> overhead for certain callers which don't work well with small data
>> blocks.  Thus a new data object flag will anyway be added.
>
> OK cool.

So let me do it in the course of that patch.  I guess I can do that next
week.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20210612/520318bb/attachment.sig>


More information about the Gnupg-devel mailing list