I still think my method of having the cat walk all over some numbers and writing down which numbers she walks on is good.
[EMAIL PROTECTED]
>
> I have devised what I believe to be a foolproof and completely
> portable way of setting an array of bytes to all zeroes, a common
> security operation in cryptography programs.
>
>
> #include <stdlib.h>   /* exit */
>
> void
> clear_bytes(char magic, char p[], int n)
> {
>     int i;
>
>     p[0] &= magic;
>
>     for (i = 1; i < n; i++)
>         p[i] &= p[i-1];
>
>     for (i = 0; i < n; i++)
>         if (p[i] != magic)
>             exit(magic);
> }
>
>
> In order to guarantee that this works, you must pass in 0 as the
> value of the 'magic' parameter, and you also must establish that 0
> value using a method that is completely undecidable even to the most
> intelligent compiler optimizer theoretically possible.
>
> Here is a simple example of how we can generate this "undecidable
> zero" and pass it into the routine.
>
> int
> main(int argc, char *argv[])
> {
>     char array[32];
>     /* argc counts the program name, so "no arguments" is argc == 1 */
>     char magic = (argc < 2 ? 0 : 255);
>
>     clear_bytes(magic, array, sizeof(array));
>
>     return 0;
> }
>
>
> If you call this program with no command line arguments, the value of
> magic will be 0 and the clear_bytes is guaranteed to zero out the
> array.
>
> If you call this program with any command line arguments at all, the
> value of magic will be 255 and the clear_bytes routine will exit with
> code 255. So the clear_bytes routine serves a dual purpose as an
> assertion that the clearing operation actually occurs properly. If
> it doesn't, your program aborts.
>
> It is impossible for a compiler to optimize away any of this code,
> because you can always find a way from OUTSIDE the program to make
> magic take on a nonzero value and thus reach the abort condition.
>
> Of course, your program will very likely expect command line
> arguments, but you can use a slightly altered technique for
> generating the necessary "magic undecidable zero." For example, if
> you know that your program will never be called with more than 5
> arguments, just use this line:
>
>     /* 5 arguments plus the program name gives argc == 6 */
>     char magic = (argc < 7 ? 0 : 255);
>
> In the very worst case the number of arguments to your program will
> be totally indeterminate, with no theoretical upper bound. This
> could easily happen if you expect file names with shell expansion,
> for example. In this case, you could simply require that the very
> first argument to your program must always be a specific character,
> for example 't'.
>
>     char magic = ((argc > 1 && argv[1][0] == 't') ? 0 : 255);
>
> With this line, if the first argument to the program starts with a
> 't', magic will take on the correct value of 0.
>
> I do not recommend using anything in argv[0] because that is the
> actual name of your program as invoked from the command line. This
> could change if the executable file is renamed or if you call it with
> a leading path.
>
> You can always find some way to generate a magic undecidable zero.
> Some variation of the argc/argv technique should serve you well in
> all reasonable circumstances, but if you absolutely had to you could
> read a zero byte out of a file somewhere.
>
> Note that the clear_bytes function 'ands' each byte of the array with
> the previous byte, starting with the magic value. Only a magic value
> of 0 is guaranteed to make all the bytes zero. The second loop then
> checks the operation, ensuring that each byte is equal to the magic
> byte. This can only succeed if magic is 0 and all the bytes are 0.
> (Actually it could succeed with a nonzero magic value, but only if
> all the bytes were already equal to magic to begin with. Obviously
> this case is irrelevant.)
>
> So folks, this routine will definitely zero out an array, and it
> doesn't rely on the va_list (vararg) technique described in
> Welschenbach's book.
>
> Personally I rarely use global variables, so I like to pass the magic
> value around as an explicit parameter wherever it is needed. But you
> could use a global magic variable if you preferred.
>
> -- Patrick
> http://fexl.com

Kind regards,
[EMAIL PROTECTED]
http://www.gold-today.com
http://www.currencyregistry.com
http://www.goldcenturypress.com

"Do not go where the path may lead, go instead where there is no path and leave a trail."
Ralph Waldo Emerson
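Added example, not part of the original thread: a variant of the quoted clear_bytes that returns a status instead of calling exit(), so the three cases the quoted message walks through (magic 0, nonzero magic over bytes already equal to it, nonzero magic over mixed data) can be checked in one run. The names clear_bytes_checked and all_equal, the use of unsigned char, and the sample buffers are assumptions of this example; it exercises the routine's logic only and says nothing about what a given compiler will or will not optimize away.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Variant of the quoted clear_bytes: reports failure by return value
 * instead of exit(). unsigned char is used (an assumption of this
 * example) so 255 is representable whether or not plain char is signed. */
int clear_bytes_checked(unsigned char magic, unsigned char p[], size_t n)
{
    size_t i;

    if (n == 0)
        return 0;               /* nothing to clear */

    p[0] &= magic;
    for (i = 1; i < n; i++)     /* p[i] becomes magic & p[0] & ... & p[i] */
        p[i] &= p[i - 1];

    for (i = 0; i < n; i++)     /* verification pass from the quoted routine */
        if (p[i] != magic)
            return -1;
    return 0;
}

/* Helper: 1 if every byte of p equals v, else 0. */
int all_equal(const unsigned char p[], size_t n, unsigned char v)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (p[i] != v)
            return 0;
    return 1;
}

int main(void)
{
    unsigned char secret[8] = "hunter2";                 /* constructed sample */
    unsigned char ones[8];
    unsigned char mixed[4] = {0xF0, 0x3C, 0xFF, 0x0F};   /* constructed sample */

    memset(ones, 0xFF, sizeof ones);
    printf("magic=0,   secret: rc=%d\n", clear_bytes_checked(0, secret, sizeof secret));
    printf("magic=255, ones:   rc=%d\n", clear_bytes_checked(255, ones, sizeof ones));
    printf("magic=255, mixed:  rc=%d\n", clear_bytes_checked(255, mixed, sizeof mixed));
    return 0;
}
```

In the failing case the buffer has been modified by the AND chain but is not zero, so a caller that handles the failure (rather than exiting) still holds partially altered data.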