Yes, we use SecureZeroMemory() and memset_s(). Will
> On Jan 5, 2022, at 7:05 AM, Andreas Schneider <a...@cryptomilk.org> wrote: > > On Tuesday, January 4, 2022 6:05:05 PM CET Will Cosgrove via libssh2-devel > wrote: >> We do zero some sensitive data, but could be reviewed for completeness. > > I don't know how you exactly zero sensitive data, but be aware that if you do: > > memset() > free() > > The optimizer will optimize away the memset(). You either use > explicit_bzero() > or protect the memset() with additional assembler code. There is also > memset_s() or memset_secure() on some platforms. > > > Andreas > > -- > Andreas Schneider a...@cryptomilk.org > GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D > > -- libssh2-devel mailing list libssh2-devel@lists.haxx.se https://lists.haxx.se/listinfo/libssh2-devel
