[openssl-dev] [openssl.org #4684] Potential problem with OPENSSL_cleanse
Andy Polyakov
appro at openssl.org
Thu Sep 22 20:45:33 UTC 2016
> We do have assembler versions for most CPI's.
In the context one can also add that the kind of optimization that could
omit memset invocation *has to* rely on deep inter-procedural
*multi-file* analysis. If compiler is given mem_clr.c alone, and it
doesn't look at it when compiling other modules, it won't be able to
eliminate the call. I said it several times already that no security
software should encourage deep inter-procedural optimizations such as
-flto (or -ipo in Intel compiler context).
For reference code generated by Intel compiler (when it's compiling
mem_clr.c alone) is equivalent to
f = memset_func;
if (f==memset) _intel_fast_memset(args)
else (*f)(args)
More information about the openssl-dev
mailing list