[Cryptography] Heartbleed and fundamental crypto programming practices
Stuart Longland
stuartl at longlandclan.yi.org
Fri Apr 25 02:24:15 EDT 2014
On Thu, 10 Apr 2014 14:30:22 -0400, Bill Cox wrote:
> static inline void secureZeroMemory(void *v, uint32_t n) {
> volatile uint8_t *p = (volatile uint8_t *)v;
> while(n--) {
> *p++ = 0;
> }
> }
Okay, real novice question… since we're on the topic of how to convince
an optimiser of our aims.
What would be wrong with this?
static inline void secureZeroMemory(void *v, uint32_t n) {
memset(v, 0, n);
}
memset is in the C library, so not subject to the optimiser in the
compiler compiling your code, and presumably was compiled with the tricks
needed to make the compiler emit the write code, else memset wouldn't do
its job properly.
More information about the cryptography
mailing list