According to http://cwe.mitre.org/data/slices/2000.html#14 due to optimization a call to memset() can be removed as a dead store when the buffer is not used after its value is overwritten. Does this optimization also occur during compilation of the Linux kernel? Then I think I may have found some vulnerabilities. One is sha1_update() where memset(temp, 0, sizeof(temp)); may be removed.

Roel
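The dead-store pattern raised in the mail, next to a wipe the compiler has to keep, as an added example that is not part of the original message and is not the kernel's sha1_update() code. The names wipe_explicit(), mix(), update_weak() and update_hardened() are hypothetical, and mix() is a constructed stand-in for a hash update step.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stores through a volatile-qualified pointer are observable side effects,
 * so the compiler must emit every one of them. */
static void wipe_explicit(void *buf, size_t len)
{
    volatile unsigned char *p = buf;

    while (len--)
        *p++ = 0;
}

/* Constructed stand-in for a hash update step: input-derived words land in
 * a caller-supplied scratch buffer and a checksum is returned. */
static uint32_t mix(uint32_t temp[16], const unsigned char *in, size_t len)
{
    uint32_t acc = 0;
    size_t i;

    memset(temp, 0, 16 * sizeof(temp[0]));
    for (i = 0; i < len; i++)
        temp[i % 16] = temp[i % 16] * 31 + in[i];
    for (i = 0; i < 16; i++)
        acc += temp[i];
    return acc;
}

/* Pattern from the mail: temp is never read after the memset(), so the
 * call is a dead store and an optimizing compiler may delete it. */
uint32_t update_weak(const unsigned char *in, size_t len)
{
    uint32_t temp[16];
    uint32_t acc = mix(temp, in, len);

    memset(temp, 0, sizeof(temp));
    return acc;
}

/* Hardened form: same result, but the wipe cannot be elided. */
uint32_t update_hardened(const unsigned char *in, size_t len)
{
    uint32_t temp[16];
    uint32_t acc = mix(temp, in, len);

    wipe_explicit(temp, sizeof(temp));
    return acc;
}
```

Both functions return the same value, so the difference only shows in the generated code: compare the disassembly of the two at -O2 to see whether the memset() survived. Current kernels provide memzero_explicit() for this purpose.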