Hi,

On Fri, Nov 22, 2002 at 09:32:14AM -0600, Kenneth R. Robinette wrote:
> You are worried about a performance impact of clearing a small password buffer? I
> would think the idea of changing memset() to a more secure function is an excellent
> idea and well worth a couple of days of delay. Heck, I have been waiting for release
> 0.9.7 for a couple of years!
Perhaps I misread, but I was under the impression that writing your own function didn't guarantee they'd be run, if the compiler gets clever enough (http://online.securityfocus.com/archive/82/297827). I've also read that volatile won't fix it either, as the ANSI C spec permits the memset to be optimised away still (http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=02-11-080%40comp.compilers&rnum=3&prev=/groups%3Fq%3Dmemset%2B0%2Bvolatile%26hl%3Den%26lr%3D%26ie%3DUTF-8%26selm%3D02-11-080%2540comp.compilers%26rnum%3D3 article 8).

Suggested ways to deal with this are:

* Turn off optimisation for one file that performs the 'memset'
* Write an assembly language routine (even safer, but less portable)

However, some weird and wonderful OSs (DEC) can optimise binaries for you (article 13 in that discussion). In that case, it's difficult to propose something that will work for everyone in all situations.

I'd say this does need careful discussion. The risk itself is small, but the negative publicity generated could be much worse.

Best regards,
Luke

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
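The dead-store problem discussed in this thread, as an added example that is not part of the original message or of OpenSSL's code: a naive memset of a password buffer that the optimiser may drop, beside the two mitigations commonly used in practice (a volatile function pointer, or volatile byte stores). As the message notes, neither is guaranteed by the C standard; memset_s (C11 Annex K) or explicit_bzero are better where the platform provides them. The secret value is a constructed sample.

```c
#include <stddef.h>
#include <string.h>

/* Naive clearing: buf is never read after this call, so dead-store
 * elimination may remove the memset entirely at -O2. */
static void clear_naive(void *buf, size_t n)
{
    memset(buf, 0, n);
}

/* Mitigation 1: call memset through a volatile function pointer. The
 * compiler must reload the pointer at the call site, so it cannot
 * resolve the callee at compile time and delete the call. */
static void *(*volatile memset_ptr)(void *, int, size_t) = memset;

static void clear_volatile_ptr(void *buf, size_t n)
{
    memset_ptr(buf, 0, n);
}

/* Mitigation 2: store zeros through a volatile-qualified pointer, byte
 * by byte, so each store is treated as a side effect that must happen. */
static void clear_volatile_store(void *buf, size_t n)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (n--)
        *p++ = 0;
}

/* Returns 1 if every byte of buf is zero, 0 otherwise. */
static int is_all_zero(const unsigned char *buf, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Copies a constructed secret into a stack buffer, "uses" it, clears it
 * with the supplied routine and reports whether it is really zeroed.
 * Note: reading pw afterwards makes the store live, so this check
 * cannot show the optimisation itself; inspect the compiler's generated
 * assembly for the naive version to see whether the memset survived. */
static int handle_secret(void (*clear)(void *, size_t))
{
    unsigned char pw[16];
    memcpy(pw, "constructed-pw!!", sizeof pw); /* constructed sample */
    clear(pw, sizeof pw);
    return is_all_zero(pw, sizeof pw);
}
```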