Hi!

Some compilers might optimize the memset() call so it does nothing. That's
why memset() is not a proper variant.

Please take a look at OPENSSL_cleanse() function.
On 14.04.2014 23:57, "Markus Grundmann via RT" <r...@openssl.org> wrote:

> Hi!
>
> I have "checked" the current source code of 'crypto/mem.c' and I'm a
> little bit surprised that no memset() calls are made before the free_*()
> functions are entered. I think a "zeroing" of the previously used memory
> is a good solution to guard against accessing old memory content.
>
> ---
>
> $ diff ../../openssl-1.0.1g/crypto/mem.c mem.c (after my modifications)
> 285a286,288
> >     if (!str) return;
> >     else memset(str,0,strlen(str));
> >
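
Review bot: `strlen(str)` in the added `memset(str,0,strlen(str))` is the wrong length for a generic allocation. The block being released need not be a NUL-terminated string: binary data with an early zero byte is cleared only up to that byte, and data with no zero byte makes strlen() read past the end of the block. The clear needs the allocated size, which this function would have to be given or look up.
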
> 293a297,298
> >
> >     str = NULL;
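
Review bot: `str = NULL;` has no effect outside the function if `str` is the by-value pointer argument tested in the previous hunk; the caller's pointer still holds the old address. To prevent reuse of a stale pointer, either the caller clears its own pointer or the function takes a pointer to the pointer. As written the line can be dropped.
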
> 324a330
> >         if (ret && num > 0) memset(ret,0,num);
> 328a335,342
> >
> >     /* Check parameters
> >      */
> >         if (!str || !file || line <= 0)
> >     {
> >                return NULL;
> >     }
> >
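
Review bot: the added condition returns NULL when `file` is NULL or `line <= 0`, so a caller that passes no source location gets what looks like an allocation failure. Those two arguments say nothing about whether the request can be served; I would remove `!file || line <= 0` from the condition. The block is also indented inconsistently with itself (`if` deeper than its braces).
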
> 330a345
> >     if (!ret) return NULL;
> 391a407,409
> >     if (!str) return;
> >         else memset(str,0,strlen(str));
> >
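
Review bot: the memset() added here writes to memory that, per the description, is about to be freed and is never read again, so an optimizing compiler may remove it as a dead store. Use OPENSSL_cleanse() for the wipe, and give it the real buffer length instead of `strlen(str)`.
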
> 396a415
> >     if (!str) return;
> 399a419
> >     str = NULL;
>
>
> --
> Best regards,
> Markus
>
> Better Privacy with PGP encrypted Mail: http://activezone.de/pgp/
> Fingerprint: 58C5 8BAF 6FCE B24F 1881 B5B8 F2A8 E1D0 484B 0054
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org
>
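
The two problems discussed in this thread, as an added example that is not part of the original messages or of OpenSSL's code: clearing over `strlen()` leaves secret bytes behind, while a wipe with an explicit length through a volatile pointer does not. `wipe()`, `SAMPLE_KEY` and the other names are hypothetical, and `wipe()` is a simplified stand-in for `OPENSSL_cleanse()`, not its implementation.

```c
#include <stddef.h>
#include <string.h>
/* Constructed sample: 16 bytes of key material with a zero byte at index 4. */
static const unsigned char SAMPLE_KEY[16] = {
    0xde, 0xad, 0xbe, 0xef, 0x00, 0x11, 0x22, 0x33,
    0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb
};

/* Hypothetical stand-in for OPENSSL_cleanse(): explicit length, and stores
 * through a volatile pointer so they are not dropped as dead stores. */
static void wipe(void *p, size_t len)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (len--)
        *vp++ = 0;
}

/* Number of bytes in buf[0..len) that are still non-zero. */
static size_t nonzero_bytes(const unsigned char *buf, size_t len)
{
    size_t i, n = 0;
    for (i = 0; i < len; i++)
        n += (buf[i] != 0);
    return n;
}

/* Clear as the quoted patch does, memset over strlen(); returns survivors.
 * strlen() stops at the zero byte at index 4, so bytes 5..15 are untouched. */
static size_t leftover_after_strlen_clear(void)
{
    unsigned char buf[sizeof SAMPLE_KEY];
    memcpy(buf, SAMPLE_KEY, sizeof buf);
    memset(buf, 0, strlen((const char *)buf));
    return nonzero_bytes(buf, sizeof buf);
}

/* Clear with an explicit length; returns survivors. */
static size_t leftover_after_wipe(void)
{
    unsigned char buf[sizeof SAMPLE_KEY];
    memcpy(buf, SAMPLE_KEY, sizeof buf);
    wipe(buf, sizeof buf);
    return nonzero_bytes(buf, sizeof buf);
}

int main(void)
{
    return (leftover_after_strlen_clear() == 11 && leftover_after_wipe() == 0) ? 0 : 1;
}
```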
