[Cryptography] Compiler optimization side channel
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Aug 28 00:35:48 EDT 2024
iang <iang at iang.org> writes:
>My own technique for clearing arrays is to xor each element with a rand, then
>sum the new elements, and print a diagnostic of the sum. While this
>"guarantees" that the code doesn't get optimised out, it doesn't guarantee
>that the elements of the array are actually written to.
In C that's been handled for a while, under Windows with SecureZeroMemory(),
under OpenBSD with explicit_bzero(), and under ANSI C with the misleadingly
described memset_s(), "the memory indicated by [the memset parameters] may be
accessible in the future and therefore must contain the values indicated by
[the value to set]", because just saying "the memset_s() call won't be
optimised away" would be far too obvious and would let you know what's going
on.
Peter.
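
Added example, not part of the original message or of any project's code: a wrapper that selects among the three primitives named above and falls back to a volatile store loop elsewhere. The names secure_wipe() and use_key_then_wipe() are hypothetical, the key bytes are constructed sample data, and the fallback assumes the compiler keeps stores made through a volatile-qualified lvalue.

```c
#define __STDC_WANT_LIB_EXT1__ 1  /* request memset_s() where Annex K exists */
#include <stddef.h>
#include <string.h>
#if defined(_WIN32)
#include <windows.h>
#endif

/* Hypothetical wrapper: zero len bytes at buf with a call that the
 * optimiser is not allowed to remove as a dead store. */
static void secure_wipe(void *buf, size_t len)
{
#if defined(_WIN32)
    SecureZeroMemory(buf, len);
#elif defined(__STDC_LIB_EXT1__)
    (void)memset_s(buf, len, 0, len);
#elif defined(__OpenBSD__)
    explicit_bzero(buf, len);
#else
    /* Fallback (assumption): stores through a volatile-qualified
     * lvalue are treated as observable and therefore kept. */
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
#endif
}

/* Constructed sample: fill a 32-byte "key", use it, then wipe it.
 * Returns the byte sum (the "use") and reports how many bytes are
 * still non-zero after the wipe. */
static unsigned use_key_then_wipe(size_t *nonzero_left)
{
    unsigned char key[32];
    unsigned sum = 0;
    size_t i;

    for (i = 0; i < sizeof key; i++) {
        key[i] = (unsigned char)(0xA5 ^ i);
        sum += key[i];
    }
    /* A plain memset(key, 0, sizeof key) as the last touch of key is a
     * dead store that the compiler may legally drop. */
    secure_wipe(key, sizeof key);

    /* This read-back only exists so the demo can be checked; reading
     * the buffer would by itself keep an ordinary memset() alive. */
    *nonzero_left = 0;
    for (i = 0; i < sizeof key; i++)
        *nonzero_left += (key[i] != 0);
    return sum;
}

int main(void) { size_t left; use_key_then_wipe(&left); return left != 0; }
```

The read-back cannot show that a plain memset() would have been removed; to see that, compare the optimised assembly of both variants with the read-back loop deleted.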