
Subject: Re: [PATCH] wincng: Added explicit clear memory feature to WinCNG backend

From: Marc Hoersken <info_at_marc-hoersken.de>
Date: Thu, 19 Jun 2014 19:27:00 +0200

Hello everyone,

attached you will find a new patch which takes Daniel's feedback into
- Replaced random overwrite with secure zeroing using SecureZeroMemory [2]
- Option renamed from --disable-memory-overwrite to --disable-clear-memory

On 18.05.2014 19:12, Marc Hoersken wrote:
> On 18.05.2014 19:02, Daniel Stenberg wrote:
>> This option only disables the random fill of the free data, it still
>> overwrites memory - only with zeros instead. So it doesn't disable
>> memory overwrite at all.
> You are right, [snip]
>> A question though: is there really anyone who suggests that it is
>> safer to fill the data with random data rather than just zeros? I just
>> can't see the point with doing such a slow operation and waste random
>> seed on this.
> I don't have specific expertise in this area, but I think a reason could
> be that a compiler might be tempted to optimize memset(buf, 0, len) out.
> Looking at the memory erasure procedure of the Tails operating system
> [1], it seems like overwriting with zeros is enough.

The feature now overwrites the data in internal memory buffers with
zeros using the secure functionality provided by the OS. If this feature
is ever expanded to other backends and of course different operating
systems, such a function would need to be provided and used.
Thanks, Daniel!

Please review the new patch. Any feedback is welcome. I guess the patch
should also include some warning about it only being available for
Windows with WinCNG for now before being merged at the current stage of
the implementation.

Best regards,

 [1] https://tails.boum.org/contribute/design/memory_erasure/
 [2] http://msdn.microsoft.com/en-us/library/windows/desktop/aa366877.aspx
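The concern raised in the thread (a plain memset() before free() may be dropped by dead-store elimination, so an explicit clear primitive such as SecureZeroMemory is used instead) as an added stand-alone example; this is not the libssh2 patch or Marc's code, and the helper names secure_clear, buffer_is_zero and clear_and_check are constructed for illustration:

```c
#include <stddef.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Explicit clear that the optimizer must keep. On Windows this is the
 * SecureZeroMemory call the patch switched to; elsewhere the stores go
 * through a volatile pointer so they count as observable side effects
 * and cannot be eliminated the way a trailing memset(buf, 0, len) can. */
static void secure_clear(void *buf, size_t len)
{
#ifdef _WIN32
    SecureZeroMemory(buf, len);
#else
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
#endif
}

/* Returns 1 if every byte of buf is zero, 0 otherwise (branch-free scan). */
static int buffer_is_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Simulates a backend releasing a key buffer: fill it with a constructed
 * pattern standing in for secret material, clear it, then verify.
 * Returns 1 if the buffer was fully zeroed, 0 if len exceeds the buffer. */
int clear_and_check(size_t len)
{
    unsigned char key[64];
    if (len > sizeof(key))
        return 0;
    for (size_t i = 0; i < len; i++)
        key[i] = (unsigned char)(0xA5 ^ i);   /* constructed "secret" */
    secure_clear(key, len);
    return buffer_is_zero(key, len);
}
```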

Received on 2014-06-19