RE: Software leaves encryption keys, passwords lying around in memory

From: Michael Wojcik (Michael.Wojcikat_private)
Date: Wed Oct 30 2002 - 11:48:30 PST


    > From: pgut001at_private [mailto:pgut001at_private]
    > Sent: Wednesday, October 30, 2002 11:12 AM
    
    > The problem he points out is that clearing sensitive 
    > information such as encryption keys from memory may not work as
    > expected because an optimising compiler removes the memset() if
    > it decides it's redundant.
    
    
    setmem.c:
    
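    	#include <stddef.h>
    	#include <string.h>
    	/* Defined in its own translation unit, so a compiler working on the
    	   caller cannot see the body and drop the call as redundant. */
    	void *setmem(void *s, int c, size_t n)
    	   {return memset(s, c, n);}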
    
    other modules:
    
    	#include <stddef.h>
    	#include <string.h>
    	extern void *setmem(void *, int, size_t);
    
    and replace sensitive-data memset with setmem.  It's an external function,
    so only compilers that can eliminate zero-effect code across translation
    units can remove the call.
    
    No "tricks" required, and it'll work with every compiler I'm familiar with,
    for the price of one or two function calls.  (Two in the case where the
    original memset could have been inlined, but typically the amount of
    sensitive data being cleared is negligible.)
    
    If you don't want to edit source, and memset performance isn't absolutely
    critical, you can just -Dmemset=setmem when compiling existing source and
    link with setmem.o (modulo development environment conventions of course).
    
    Michael Wojcik
    Principal Software Systems Developer, Micro Focus
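
The wrapper in the message above depends on the call crossing a translation-unit boundary. The following is an added example, not code from the original post, and it goes beyond the post's technique: a single-file variant that calls memset through a volatile function pointer, so it does not rely on separate compilation. The names secure_wipe, use_key and count_nonzero are hypothetical, and the passphrase is constructed sample input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example; secure_wipe, use_key and count_nonzero are hypothetical names. */

/* The pointer is volatile, so it must be loaded at run time. The compiler
 * cannot assume the callee is memset and cannot drop the call as a dead store. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

void *secure_wipe(void *s, size_t n)
{
    return memset_ptr(s, 0, n);
}

/* Constructed stand-in for code that handles a key: key[] is never read
 * after the loop, the situation in which a plain memset() may be removed. */
unsigned use_key(const char *passphrase)
{
    unsigned char key[32];
    unsigned sum = 0;
    size_t i, len = strlen(passphrase);

    for (i = 0; i < sizeof key; i++) {
        key[i] = len ? (unsigned char)(passphrase[i % len] ^ (int)i) : 0;
        sum = sum * 31u + key[i];
    }
    secure_wipe(key, sizeof key);   /* last use of key[] */
    return sum;
}

/* Helper for checking a buffer that is still live after the wipe. */
size_t count_nonzero(const unsigned char *p, size_t n)
{
    size_t i, count = 0;
    for (i = 0; i < n; i++)
        count += (p[i] != 0);
    return count;
}

int main(void)
{
    unsigned char buf[16];
    memset(buf, 0xAA, sizeof buf);
    secure_wipe(buf, sizeof buf);
    printf("nonzero bytes after wipe: %zu\n", count_nonzero(buf, sizeof buf));
    printf("checksum: %u\n", use_key("constructed passphrase"));
    return 0;
}
```

To confirm the wipe survives optimisation, compile with -O2 -S and look for the indirect call at the end of use_key in the generated assembly.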
    


