On 10.08.20 at 17:00, Theo de Raadt wrote:
> Philipp Klaus Krause <p...@spth.de> wrote:
>
>> OpenBSD has the explicit_bzero function to reliably (i.e. even if not
>> observable in the C abstract machine) overwrite memory with zeroes.
>>
>> WG14 is currently considering adding similar functionality to C2X.
>
> Then perhaps in the interests of the public they should use the same
> name, but I suspect they won't.

The functionality (i.e. some way to reliably overwrite memory) already exists under different names: explicit_bzero in OpenBSD, memzero_explicit in Linux, memset_s in the optional Annex K of the C standard, explicit_memset in NetBSD, SecureZeroMemory in Windows etc. A problem with the explicit_bzero name is that it is not an identifier reserved for future extensions of the C standard, unlike identifiers starting with mem.

>
>> Considered options include:
>>
>> * A function like explicit_bzero or memset_explicit, that overwrites the
>> memory with a known value.
>
> We have never needed any value other than zero.

Thanks. I assume this will help WG14.

>
>> * A function like memclear, that overwrites the memory in an
>> implementation-defined manner, possibly using random data.
>
> This option is pretty laughable, because the compiler has no way to
> collect random data. There is nothing portable the compiler can call
> to get the random data. I've personally worked on making this possible
> for more than a decade, and it is still not all there.

This option under the name secure_clear apparently is the one preferred by WG21, the C++ committee.

Philipp
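As an added example (not code from this thread, from OpenBSD, or from any of the libraries named above), the following shows the problem the thread is about: a plain memset() of a buffer that is never read again is a dead store the compiler may drop, whereas calling memset through a volatile function pointer is a common portable stand-in for explicit_bzero. The function names and the constructed "secret" bytes are this example's own assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Volatile function pointer: the compiler must reload it on every call,
 * so it cannot prove the callee is memset and cannot elide the store.
 * Assumption: this idiom is our stand-in for explicit_bzero / memset_explicit. */
static void *(*volatile memset_ptr)(void *, int, size_t) = memset;

void explicit_memset_portable(void *buf, int c, size_t len)
{
    memset_ptr(buf, c, len);
}

/* Counts bytes that are still non-zero so a caller can verify a wipe. */
size_t count_nonzero(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (buf[i] != 0);
    return n;
}

/* Constructed stand-in for key material: every byte is non-zero. */
static void fill_secret(unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] = (unsigned char)(0xA5 ^ (i & 0x3F));
}

/* The pattern to avoid: after the last use nothing reads `secret` again,
 * so the final memset is a dead store the optimiser may legally remove. */
size_t naive_handler(size_t len)
{
    unsigned char secret[64];
    if (len > sizeof secret) len = sizeof secret;
    fill_secret(secret, len);
    size_t used = count_nonzero(secret, len); /* the "use" of the secret */
    memset(secret, 0, len);                   /* dead store: may vanish */
    return used;
}

/* Hardened form: the wipe goes through the volatile pointer, so it is
 * emitted even when it is the last access. The read-back here exists only
 * so the result can be checked; it returns bytes still non-zero (0). */
size_t hardened_handler(size_t len)
{
    unsigned char secret[64];
    if (len > sizeof secret) len = sizeof secret;
    fill_secret(secret, len);
    explicit_memset_portable(secret, 0, len);
    return count_nonzero(secret, len);
}
```

On real targets, compare the generated assembly of naive_handler at -O2 with and without the trailing memset to see the store disappear; hardened_handler keeps it.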