On Thu, Jan 31, 2008, Peter Waltenberg wrote: > OPENSSL_cleanse() doesn't zero memory regions, it fills them with > pseudo-random data. > Edit crypto/mem_clr.c and replace that code with memset(ptr,'\0',len); and > just clear the region - you'll see a significant performance boost if > that's your majorbottleneck. > > Just be aware that some hypothetical compiler could decide to skip the > memset - I can't remember which compiler that is, but it's the one that > comes with the free tinfoil hats ..... >
Note also that there is an assembly language version of OPENSSL_cleanse() in 0.9.9-dev which is significantly faster than the C version. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
