Closed rcombs closed 3 weeks ago
There are also non-openssl routines that can be used for this (e.g. memset_explicit
, memset_s
, explicit_bzero
, SecureZeroMemory
…), or std::fill
could be used with the pointers casted to volatile
.
Switched this over to std::fill
with volatile
pointers, which has the same property of being guaranteed not to be optimized out (since volatile stores cannot be eliminated per the as-if rule), without expanding the openssl dependency; this should also fix the build errors created by including the openssl header.
Thanks @rcombs that sounds like a nicer solution to me. Happy to merge once CI passes.
Ensures that the zeroization can never be optimized out.