> From: David Schwartz [mailto:dav...@webmaster.com] > Sent: Friday, March 25, 2011 11:44 PM > > On 3/25/2011 4:17 PM, Jeremy Farrell wrote: > > >> From: Jeffrey Walton > >> Sent: Friday, March 25, 2011 8:45 PM > >> On Fri, Mar 25, 2011 at 3:56 PM, Anthony > Gabrielson<agabriels...@comcast.net> wrote: > > >>> This will do what you want: > >>> > >>> > >>> http://agabrielson.wordpress.com/2010/07/15/openssl-an-example-from-the-command-line/ > >> > >> memset(plaintext,0,sizeof(plaintext)); > >> > >> The optimizer might remove your zeroization. > >> > >> Jeff > > > But only if has a bug, in which case it might do anything. > > It can remove it even without a bug. It's a common optimization to > remove an assignment that the optimizer can prove has no > effects. Since the 'memset' is the last reference to 'plaintext', > the optimizer can legally remove it.
I think there must be some confusion here. The compiler can certainly do anything "strange" that it likes as long as the program can't tell by any C-conformant means that it has done so. Stripping pointless code is one of the simplest example of that. In this case though 'plaintext' is referenced again after both calls to 'memset'. The code in question is at <http://web.me.com/agabrielson/code/test_AES.c>, linked from the page mentioned above.______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
