More on in-memory zeroisation

Jack Lloyd lloyd at
Thu Dec 13 14:22:47 EST 2007

On Wed, Dec 12, 2007 at 05:27:38PM -0500, Thierry Moreau wrote:
> As a consequence of alleged consensus above, my understanding of the C 
> standard would prevail and (memset)(?,0,?) would refer to an external 
> linkage function, which would guarantee (to the sterngth of the above 
> consensus) resetting an arbitrary memory area for secret intermediate 
> result protection.

GCC on x86-64 (-O2) compiles this function to the same machine code
regardless of the value of ZEROIZE:

#include <string.h>

int sensitive(int key)
   char buf[16];
   int result = 0;
   size_t j;

   for(j = 0; j != sizeof(buf); j++)
      buf[j] = key + j;

   for(j = 0; j != sizeof(buf); j++)
      result += buf[j];

   (memset)(buf, 0, sizeof(buf));

   return result;

Even if (memset) must refer to a function with external linkage (an
analysis I find dubious), there is nothing stopping the compiler from
doing IPA/whole program optimization - especially with a very basic
function like memset (in the code above, if buf is declared volatile,
GCC does do the memset: but it does it by moving immediate zero values
directly to the memory locations, not by actually jumping to any
external function).


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list