[openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()
Brian Smith via RT
rt at openssl.org
Sat Oct 31 19:59:03 UTC 2015
Alessandro Ghedini via RT <rt at openssl.org> wrote:
> I was also wondering whether it would make sense to just drop the asm
> implementations. Does the speed-up justify the added complexity?
>
IMO, it should work like this:
* memset_s when memset_s is available.
* Otherwise, SecureZeroMemory, when SecureZeroMemory is available.
* Otherwise, if a flag OPENSSL_REQUIRE_SECURE_ZERO is set, fail.
* Otherwise, use an assembly language implementation, if available.
* Otherwise, emit a warning and use the C implementation.
Note in particular that the C compiler is allowed to completely defeat the
purpose of the function unless SecureZeroMemory or memset_s is used, even
if you use "volatile" or other tricks. The primary purpose of the assembly
language implementations is to reduce the possibility that the C compiler
will do the weird things that C compilers love to do.
Cheers,
Brian
--
https://briansmith.org/
More information about the openssl-dev
mailing list