On Fri, Sep 03, 2021 at 09:13:43AM +0800, Sandy Harris wrote: > Doing this the crypto directory: > grep memset *.c | wc -l > I get 137 results. > > The compiler may optimise memset() away, subverting the intent of > these operations. We have memzero_explicit() to avoid that problem. > > Should most or all those memset() calls be replaced? The ones that are determined to actually need this, sure, but a simple grep like that does not actually show that. You need to read the code itself to determine the need or not, please do so. good luck! greg k-h