Hi,

On Fri, Nov 22, 2002 at 09:32:14AM -0600, Kenneth R. Robinette wrote:
> 
> You are worried about a performance impact of clearing a small password buffer?  I 
> would think the idea of changing memset() to a more secure function is an excellent 
> idea and well worth a couple of days of delay.  Heck, I have been waiting for release 
> 0.9.7 for a couple of years!

Perhaps I misread, but I was under the impression that writing your own 
function didn't guarantee they'd be run, if the compiler gets clever 
enough (http://online.securityfocus.com/archive/82/297827).  I've also 
read that volatile won't fix it either, as the ANSI C spec permits the 
memset to be optimised away still 
(http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=02-11-080%40comp.compilers&rnum=3&prev=/groups%3Fq%3Dmemset%2B0%2Bvolatile%26hl%3Den%26lr%3D%26ie%3DUTF-8%26selm%3D02-11-080%2540comp.compilers%26rnum%3D3, 
article 8).  Suggested ways to deal with this are:

* Turn off optimisation for one file that performs the 'memset'
* Write an assembly language routine (even safer, but less portable)

However, some weird and wonderful OSs (DEC) can optimise binaries for you 
(article 13 in that discussion).  In that case, it's difficult to propose 
something that will work for everyone in all situations.

I'd say this does need careful discussion.  The risk itself is small, but 
the negative publicity generated could be much worse.

Best regards,

Luke
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

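An added example, not code from the message above or from OpenSSL, showing the two approaches the thread is circling around in working C: wiping a buffer through a function pointer declared volatile (the compiler cannot see which function the call site will reach, so it cannot prove the stores dead and drop them the way it may drop a trailing memset() on a local buffer), and a byte loop through a volatile-qualified pointer. The function names, the all_zero() check and the sample secret are mine; the "password" is a constructed string, not real data.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical name. A const volatile pointer to memset: the compiler must
 * reload it at every call and cannot assume the callee is memset, so dead-store
 * elimination does not apply to the stores it performs. */
static void *(*const volatile secure_memset_fn)(void *, int, size_t) = memset;

/* Wipe n bytes at p via the volatile function pointer. */
void secure_memzero(void *p, size_t n)
{
    if (p != NULL && n > 0)
        secure_memset_fn(p, 0, n);
}

/* Alternative that does not depend on memset at all: byte stores through a
 * volatile-qualified pointer. Slower, but needs no assembly and no per-file
 * optimiser switch. */
void secure_memzero_volatile(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Returns 1 if every byte of buf is zero, 0 otherwise. Accumulates with OR so
 * the loop does not exit early on the first non-zero byte. */
int all_zero(const unsigned char *buf, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Hypothetical helper: copy a constructed sample secret into a local buffer,
 * pretend to use it, wipe it with one of the two routines, and report whether
 * the wipe left any non-zero byte behind (1 = fully wiped). */
int wipe_demo(int use_volatile_loop)
{
    unsigned char scratch[64];
    const char secret[] = "hunter2-constructed-sample"; /* constructed input */
    size_t len = sizeof(secret) - 1;

    memset(scratch, 0xAA, sizeof scratch);   /* make stale bytes visible */
    memcpy(scratch, secret, len);
    /* ... the password would be used here ... */

    if (use_volatile_loop)
        secure_memzero_volatile(scratch, sizeof scratch);
    else
        secure_memzero(scratch, sizeof scratch);

    return all_zero(scratch, sizeof scratch);
}

int main(void)
{
    /* Exit status 0 only if both wipes cleared every byte. */
    return (wipe_demo(0) && wipe_demo(1)) ? 0 : 1;
}
```

A test like the one above cannot prove the point on its own, because reading the buffer back after the wipe is exactly what keeps the stores alive; the check a practitioner wants is to compile the real code with the release flags (e.g. `gcc -O2 -S`) and confirm in the generated assembly that the clearing stores, or the indirect call, are still present in the function that holds the secret.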