Am 10.08.20 um 17:00 schrieb Theo de Raadt:
> Philipp Klaus Krause <> wrote:
>> OpenBSD has the explicit_bzero function to reliably (i.e. even if not
>> observable in the C abstract machine) overwrite memory with zeroes.
>> WG14 is currently considering adding similar functionality to C2X.
> Then perhaps in the interests of the public they should use the same
> name, but I suspect they won't.

The functionality (i.e. some way to reliably overwrite memory) already
exists under different names: explicit_bzero in OpenBSD,
memzero_explicit in Linux, memset_s in the optional Annex K of the C
standard, explicit_memset in NetBSD, SecureZeroMemory in Windows etc.

A problem with the explicit_bzero name is that it is not an identifier
reserved for future extensions of the C standard, unlike identifiers
starting with mem.

>> Considered options include:
>> * A function like explicit_bzero or memset_explicit, that overwrites the
>> memory with a known value.
> We have never needed any value other than zero.

Thanks. I assume this will help WG14.
>> * A function like memclear, that overwrites the memory in an
>> implementation-defined manner, possibly using random data.
> This option is pretty laughable, because the compiler has no way to
> collect random data.  Their is nothing portable the compiler can call
> to get the random data.  I've personally worked on making this possible
> for more than a decade, and it is still not all there.

This option under the name secure_clear apparently is the one preferred
by WG21, the C++ comittee.


Reply via email to