Hey, I was looking through the source of ssh_string_burn, and I was wondering what guarantees there were to ensure it doesn't get optimized out.
Now, the new C11 memset_s(3) can be used to make those guarantees on platforms that have a new enough libc. Other platforms offer an explicit_bzero(3) function with that guarantee. Thanks, William Orr
signature.asc
Description: OpenPGP digital signature
