cisco / mlspp

Implementation of Messaging Layer Security
BSD 2-Clause "Simplified" License

Use volatile stores in bytes destructor #432

Closed rcombs closed 3 weeks ago

rcombs commented 3 weeks ago

Ensures that the zeroization can never be optimized out.

rcombs commented 3 weeks ago

There are also non-openssl routines that can be used for this (e.g. memset_explicit, memset_s, explicit_bzero, SecureZeroMemory…), or std::fill could be used with the pointers cast to volatile.

rcombs commented 3 weeks ago

Switched this over to std::fill with volatile pointers, which has the same property of being guaranteed not to be optimized out (since volatile stores cannot be eliminated per the as-if rule), without expanding the openssl dependency; this should also fix the build errors created by including the openssl header.
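As an added illustration of the approach described in the comment above (this is example code, not code from the mlspp repository or from this PR): a C++ zeroization helper built on `std::fill` over `volatile` pointers, and a hypothetical owning byte type (`secret_bytes`, not mlspp's `bytes`) that calls it from its destructor. The `wipe()` method, the `all_zero` helper and the sample key bytes are constructed for the example so the wipe can be checked on a live buffer.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Overwrite [data, data + len) with zeros through a volatile pointer.
// A store through a volatile lvalue is an observable side effect, so the
// as-if rule forbids the compiler from dropping it. A plain memset of a
// buffer that is about to be freed is a dead store the optimizer may remove.
void secure_zero(uint8_t* data, std::size_t len) {
  volatile uint8_t* p = data;
  std::fill(p, p + len, uint8_t{0});
}

// Returns true when every byte in the range is zero (verification helper).
bool all_zero(const uint8_t* data, std::size_t len) {
  return std::all_of(data, data + len, [](uint8_t b) { return b == 0; });
}

// Hypothetical owning byte buffer (stand-in for a bytes type, not mlspp's):
// the destructor wipes the storage before the vector frees it.
class secret_bytes {
public:
  explicit secret_bytes(std::vector<uint8_t> data) : data_(std::move(data)) {}
  secret_bytes(const secret_bytes&) = delete;
  secret_bytes& operator=(const secret_bytes&) = delete;
  ~secret_bytes() { wipe(); }

  // Exposed so the wipe can be exercised and verified before destruction.
  void wipe() { secure_zero(data_.data(), data_.size()); }

  const uint8_t* data() const { return data_.data(); }
  std::size_t size() const { return data_.size(); }

private:
  std::vector<uint8_t> data_;
};

// Constructed sample key material for the example (not real key bytes).
std::vector<uint8_t> sample_key() {
  return {0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04};
}

// Load a secret, wipe it through the owning type, and report whether the
// buffer went from non-zero to all-zero in place.
bool wipe_roundtrip() {
  secret_bytes key(sample_key());
  const bool before = all_zero(key.data(), key.size());  // false: holds key
  key.wipe();
  const bool after = all_zero(key.data(), key.size());   // true: wiped
  return !before && after;
}

// Same check on a raw stack buffer, using the helper directly.
bool zero_raw_buffer() {
  uint8_t buf[4] = {1, 2, 3, 4};
  secure_zero(buf, sizeof(buf));
  return all_zero(buf, sizeof(buf));
}

int main() {
  return (wipe_roundtrip() && zero_raw_buffer()) ? 0 : 1;
}
```

The volatile stores only guarantee that this buffer is overwritten; they do not cover copies the secret may have left elsewhere, such as the old block after a `std::vector` reallocation or a moved-from source, so those paths need their own handling.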

bifurcation commented 3 weeks ago

Thanks @rcombs that sounds like a nicer solution to me. Happy to merge once CI passes.