On Fri, Apr 24, 2020 at 9:12 PM Marion & Christophe JAILLET <christophe.jail...@wanadoo.fr> wrote: > > Le 24/04/2020 à 21:02, Ruediger Pluem a écrit : > > > > On 4/24/20 7:04 PM, yla...@apache.org wrote: > >> > >> + memset(buf, 0, sizeof(buf)); > > > > I cannot remember the gory details, but I remember a discussion either here > > or in APR land that these memset calls might be > > optimized away by a compiler. I only found a quick reference on the > > Internet to this topic: > > > > https://www.cryptologie.net/article/419/zeroing-memory-compiler-optimizations-and-memset_s/ > > See apr_crypto_memzero in APR trunk at least.
Yeah, I know it well ;) I thought about it, but wanted to check first whether we could use apr-util easily in mod_ssl.. Since we are in mod_ssl, I finally used OPENSSL_cleanse() in r1876950. Thanks, Yann.