Re: Optimising away memset() calls?

On 10/09/2014 11:18 AM, Florian Weimer wrote:
> On 10/08/2014 04:15 AM, Sandy Harris wrote:
>> There are various solutions to this. Linux now has memzero_explicit(),
>> Open SSH has bzero_explicit(), C11 has memset_s().
> 
> Minor nit: The C11 standard still allows memset_s to be optimized away 
> if this does not cause an observable difference in behavior (in C 
> terms).  I know the intent is different, but this is impossible to 
> address within the standard, considering the direction in which the 
> language has developed over the last decades.

The problem is that what constitutes an access to memory is not
defined, so no definition can ever be possible.  Nonetheless, the
intent is clear, and we can only talk about implementations in this
context.

But really this is hopeless: there is nothing to prevent a C
implementation from taking another copy of a key and stashing it
somewhere, and it is not at all unlikely, for at least part of the
key.  Anybody who really cares about this kind of thing must do some
machine-specific coding.

Andrew.
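
An added example, not part of the original message or of any project named in the thread: a buffer wipe that GCC or Clang will not drop as a dead store, along the lines of the memzero_explicit() approach mentioned above. The names wipe(), count_nonzero() and checksum_with_wipe() and the toy checksum are assumptions made for illustration; as the reply notes, this covers only the named buffer, not copies the implementation may hold in registers or spill slots.

```c
#include <stddef.h>
#include <string.h>

/* wipe(): hypothetical helper name, not taken from the thread. */
static void wipe(void *p, size_t n)
{
#if defined(__GNUC__) || defined(__clang__)
    memset(p, 0, n);
    /* Empty asm that takes p as input and clobbers memory: the compiler
       must assume the zeroed bytes are read, so the memset stays. */
    __asm__ __volatile__("" : : "r"(p) : "memory");
#else
    /* Fallback for other compilers: volatile-qualified byte stores. */
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
#endif
}

/* Count bytes that are still non-zero; used to check the wipe. */
static size_t count_nonzero(const unsigned char *p, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        c += (p[i] != 0);
    return c;
}

/* Constructed demo: copy a key to the stack, use it, then wipe the copy.
   With a plain memset() as the last statement, the store is dead (the
   array is never read again) and an optimiser may remove it. */
static unsigned checksum_with_wipe(const unsigned char *key, size_t n)
{
    unsigned char local[32];
    unsigned sum = 0;

    if (n > sizeof local)
        n = sizeof local;
    memcpy(local, key, n);
    for (size_t i = 0; i < n; i++)
        sum = sum * 31u + local[i];   /* toy checksum, not a real KDF */
    wipe(local, sizeof local);
    return sum;
}

int main(void)
{
    const unsigned char key[3] = { 1, 2, 3 };   /* constructed sample key */
    return checksum_with_wipe(key, sizeof key) == 1026u ? 0 : 1;
}
```

Whether the store survives is best confirmed in the generated assembly (for example with -O2 -S), since reading the buffer back in a test makes the store observable by itself.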
