[cryptography] Just how bad is OpenSSL ?

Zack Weinberg zack.weinberg at sv.cmu.edu
Mon Nov 12 09:34:08 EST 2012


On Mon, Nov 12, 2012 at 2:32 AM, Jeffrey Walton <noloader at gmail.com> wrote:
>
> GCC really should provide a function like SecureZeroMemory that cannot
> be optimized away. Its easier than educating every developer about the
> optimization issue and telling them to compile with -O0. The Ostrich
> Algorithm at its finest.

I'm not disagreeing with you, but I predict with some confidence that
the GCC developers will say it's not necessary because you can write

    memset(buffer, 0, length);
    asm volatile("" : : "m" (({ struct { char b[length]; } *p = (void
*)buffer; *p; })));

to make it appear that 'buffer' is read from immediately after the
'memset', without further optimization consequences.  (Yes, that mess
after "m" is the documented way to express *how much* memory is read.)

zw



More information about the cryptography mailing list