[Cryptography] Other obvious issues being ignored?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Oct 21 23:20:25 EDT 2015


Arnold Reinhold <agr at me.com> writes:

>The fact that the C standards ALLOW certain “optimizations” does not mean
>that compiler writers are REQUIRED to do the most evil things imaginable in
>certain situations

Exactly.  Currently, the gcc developers think, and will argue till they're
blue in the face, that this behaviour is OK.  The MSVC developers don't.

>At least Apple’s new Swift language includes arithmetic operators that
>explicitly allow overflows, but I have found no info about zeroization in
>Swift.

Some compilers will make the same assumption.  The thing with the C standard
is that it's written in a manner where it doesn't exclude things like ones-
complement machines.  Now the last one I know of that did that was the CDC
6600 from 1965, but in theory you could be targeting a half-century-old
computer with your compiler and so the standard can't rule it out.  Some
compilers, knowing that they're generating code for a twos-complement
architecture, behave accordingly.  Other compilers also know that they're
generating code for a twos-complement architecture, but use the vague language
in the C standard to do, as you put it, "the most evil things imaginable".

Peter.
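
An added example, not part of the message above: it assumes the behaviour at issue is signed integer overflow, which the C standard leaves undefined, and contrasts a check that depends on twos-complement wraparound with two forms a compiler cannot reason away. All function names are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Relies on twos-complement wraparound. Signed overflow is undefined in C,
 * so a compiler may assume a + b never wraps and delete this test.
 * Shown for contrast only; call it with non-overflowing inputs. */
static bool naive_add_overflows(int a, int b)
{
    return b > 0 && a + b < a;
}

/* Compare against the limits before adding: no signed overflow can occur,
 * so the check survives optimization on any conforming compiler. */
static bool checked_add(int a, int b, int *sum)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *sum = a + b;
    return true;
}

/* Explicit wraparound: unsigned arithmetic is defined modulo 2^N.
 * Assumes UINT_MAX == 2 * INT_MAX + 1 (true on twos-complement targets).
 * The mapping back to int avoids an out-of-range conversion. */
static int wrapping_add(int a, int b)
{
    unsigned int u = (unsigned int)a + (unsigned int)b;
    if (u <= (unsigned int)INT_MAX)
        return (int)u;
    return -(int)(UINT_MAX - u) - 1;
}

int main(void)
{
    int sum = 0;
    printf("naive check on 1 + 2: %d\n", naive_add_overflows(1, 2));
    printf("checked INT_MAX + 1 ok: %d\n", checked_add(INT_MAX, 1, &sum));
    printf("checked 40 + 2 ok: %d\n", checked_add(40, 2, &sum));
    printf("wrapping INT_MAX + 1 == INT_MIN: %d\n",
           wrapping_add(INT_MAX, 1) == INT_MIN);
    return 0;
}
```

With gcc, `-fwrapv` makes signed overflow wrap and `-ftrapv` makes it trap, which changes how the first function is compiled but not what the standard guarantees.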

