From owner-freebsd-current@FreeBSD.ORG Sun Jun 13 08:09:27 2010 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4F6E91065673 for ; Sun, 13 Jun 2010 08:09:27 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id 0DFC38FC17 for ; Sun, 13 Jun 2010 08:09:26 +0000 (UTC) Received: from ds4.des.no (des.no [84.49.246.2]) by smtp.des.no (Postfix) with ESMTP id 0CC291FFC33; Sun, 13 Jun 2010 08:09:26 +0000 (UTC) Received: by ds4.des.no (Postfix, from userid 1001) id C745D84430; Sun, 13 Jun 2010 10:07:15 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: ticso@cicely.de References: <20100611162118.GR39829@acme.spoerlein.net> <867hm5tl6u.fsf@ds4.des.no> <20100612153526.GA3632@acme.spoerlein.net> <20100612163208.GS87112@cicely7.cicely.de> <864oh86tnl.fsf@ds4.des.no> <20100612225216.GT87112@cicely7.cicely.de> Date: Sun, 13 Jun 2010 10:07:15 +0200 In-Reply-To: <20100612225216.GT87112@cicely7.cicely.de> (Bernd Walter's message of "Sun, 13 Jun 2010 00:52:16 +0200") Message-ID: <86wru3we30.fsf@ds4.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.95 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: current@freebsd.org Subject: Re: Cleanup for cryptographic algorithms vs. compiler optimizations X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Jun 2010 08:09:27 -0000 Bernd Walter writes: > Dag-Erling Sm=C3=B8rgrav writes: > > Bernd Walter writes: > > > I'm not sure when removing a memset is allowed. > > Always, if the compiler can determine that the data will not be used > > later. > I'm at least sure that the compiler can't if it is linked from another > object file. When running in hosted mode, the compiler can *always* inline a memset() call or eliminate it if it can determine that the result is not used. > The problem with memset is that the compiler has an internal > implementation. That's a feature, not a problem. > On the other hand I wonder what the deep sense is to clear memory > which is unused later. I know that crypto code can be tricky > sometimes, but if someone is willing to explain the specific reason my > curiosity would be satified. You always overwrite passphrases, keys etc. as soon as you're done with them so they don't end up in a crash dump or on a swap disk or something. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no