On Sun, Nov 12, 2017 at 7:03 PM, Mart Raudsepp <l...@gentoo.org> wrote: > On L, 2017-11-11 at 00:10 +0000, Jorge Almeida wrote: >> Well, most programmers probably won't care about this stuff anyway, >> and people who deal with cryptography tend to be more cautious than >> average. But I'm not really making a case for safe versions of known >> functions. After all, the usual functions do fine for most >> applications. memset() would be enough to clear RAM with sensitive >> data if we had a pragma (or equivalent) to convince the compiler to >> not ignore it (I mean a pragma to invoke on a particular function >> definition when the programmer feels that a black box behaviour is >> undesirable). Of course, solving the problem of the compiler copying >> stuff around might be harder nut to crack. > > Sounds like you want explicit_bzero from libbsd? > According to their man page, yes. I'll have to [try to] check the source. I wonder how they do it? Even the volatile modifier doesn't solve the problem, according to the link in previous post.
Anyway, there are probably circumstances where not optimizing a particular function would be useful. Zeroing sensitive data is just the first that comes to mind. (For example, what if you prefer overwriting your sensitive data with random bytes?) Jorge
