On Wed, Dec 12, 2007 at 05:27:38PM -0500, Thierry Moreau wrote: > As a consequence of alleged consensus above, my understanding of the C > standard would prevail and (memset)(?,0,?) would refer to an external > linkage function, which would guarantee (to the sterngth of the above > consensus) resetting an arbitrary memory area for secret intermediate > result protection.
GCC on x86-64 (-O2) compiles this function to the same machine code regardless of the value of ZEROIZE: #include <string.h> int sensitive(int key) { char buf[16]; int result = 0; size_t j; for(j = 0; j != sizeof(buf); j++) buf[j] = key + j; for(j = 0; j != sizeof(buf); j++) result += buf[j]; #if ZEROIZE (memset)(buf, 0, sizeof(buf)); #endif return result; } Even if (memset) must refer to a function with external linkage (an analysis I find dubious), there is nothing stopping the compiler from doing IPA/whole program optimization - especially with a very basic function like memset (in the code above, if buf is declared volatile, GCC does do the memset: but it does it by moving immediate zero values directly to the memory locations, not by actually jumping to any external function). Regards, Jack --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]