Professional Documents
Culture Documents
Solution : USE volatile qualifier for all variables that hold sensitive data
Every access (both read and write) made through an lvalue expression of volatile-qualified type is
considered an observable side effect for the purpose of optimization and is evaluated strictly
according to the rules of the abstract machine (that is, all writes are completed at some time
before the next sequence point). This means that within a single thread of execution, a volatile
access cannot be optimized out or reordered relative to another visible side effect that is
separated by a sequence point from the volatile access.
1st level : return value as volatile ,still calls compiler's memset (which is known by compiler)
/*
* Pointer to memset is volatile so that compiler must de-reference
* the pointer and can't assume that it points to any function in
* particular (such as memset, which it then might further "optimize")
*/
typedef void *(*memset_t)(void *, int, size_t);
static volatile memset_t memset_func = memset;
void OPENSSL_cleanse(void *ptr, size_t len)
{
memset_func(ptr, 0, len);
}
2nd level : own function, is unknown to compiler, might be slower but we're certain there will be no
optimization
do {
buf[--num] = (unsigned char)value;
} while (num);
return ptr;
}
Modern system => virtual memory => programs do not run on actual physical memory (RAM)
=> each program actually uses a chunk of RAM (a limited space of addresses)
=> virtual memory manager makes it so that program sees this chunk as if it was
the whole RAM (program sees as if start = 0x00000000 when it is 0x45ba2fee i.e)
System running low on physical memory (RAM) => vm manager frees RAM => swaps data on
RAM to DISK
Solution :
1-Lock virtual memory space to actual physical memory (RAM) space => Tell system not to erase
that memory space from RAM
2-Avoid swapping that region of memory from RAM to disk => Tell system not to copy that
memory region content to disk from RAM and use the data from disk
On Unix systems, the POSIX 1003.1b standard for real-time extensions introduces
an optional system call, mlock( ), which is intended to guarantee that locked memory
is always resident in physical memory. However, contrary to popular belief, it
does not guarantee that locked memory will never be swapped to disk.
=> locked memory is always on RAM, but the system can copy it to disk
=> it just means that the program will continue using the addresses from RAM rather from disk