More on in-memory zeroisation

Werner Koch wk at
Fri Dec 14 11:14:34 EST 2007

On Thu, 13 Dec 2007 21:11, apb at said:

> 	volatile char buf[SIZE];
> 	/* ... do stuff with buf ... */
> 	memset(buf, 0, sizeof(buf));

This has the little disadvantage that you need to check the attributes
of BUF first and that you can't immediately see what the memset is used
for.  For a long time we use the macros below to document the intention
and to make sure that the compiler does not do any harm:

  /* To avoid that a compiler optimizes certain memset calls away, these
     macros may be used instead. */
  #define wipememory2(_ptr,_set,_len) do { \
                volatile char *_vptr=(volatile char *)(_ptr); \
                size_t _vlen=(_len); \
                while(_vlen) { *_vptr=(_set); _vptr++; _vlen--; } \
                    } while(0)
  #define wipememory(_ptr,_len) wipememory2(_ptr,0,_len)



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list