On Wed, Dec 12, 2007 at 05:27:38PM -0500, Thierry Moreau
wrote:
> As a consequence of alleged consensus above, my
understanding of the C
> standard would prevail and (memset)(?,0,?) would refer
to an external
> linkage function, which would guarantee (to the
sterngth of the above
> consensus) resetting an arbitrary memory area for
secret intermediate
> result protection.
GCC on x86-64 (-O2) compiles this function to the same
machine code
regardless of the value of ZEROIZE:
#include <string.h>
int sensitive(int key)
{
char buf[16];
int result = 0;
size_t j;
for(j = 0; j != sizeof(buf); j++)
buf[j] = key + j;
for(j = 0; j != sizeof(buf); j++)
result += buf[j];
#if ZEROIZE
(memset)(buf, 0, sizeof(buf));
#endif
return result;
}
Even if (memset) must refer to a function with external
linkage (an
analysis I find dubious), there is nothing stopping the
compiler from
doing IPA/whole program optimization - especially with a
very basic
function like memset (in the code above, if buf is declared
volatile,
GCC does do the memset: but it does it by moving immediate
zero values
directly to the memory locations, not by actually jumping to
any
external function).
Regards,
Jack
------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomo metzdowd.com
|
