Paul Eggert writes:

> Here's a proposed set of patches to add support for C23's
> memset_explicit function, along with the corresponding fallout in
> Gnulib. The idea is to prefer memset_explicit, but continue to
> support explicit_bzero (which is not marked as obsolescent, as it's
> too soon for that). Comments welcome.

Thanks -- I did a brief code review and it looks fine, and thanks for adding a test-case for this -- it will be interesting to see in what environments it will fail, indicating problematic compiler optimizations (or bugs).

A general observation is that I'm mixed about offering replacement of security-relevant APIs which do not offer the same guarantees as a secure implementation. In these situations, it may actually be preferable to crash or to refuse to build the application, at least by default. Compare with gnulib's getrandom(). On platforms we care about, things should be secure, but it is just a small bug away from gnulib deciding to replace a system/compiler-provided secure memset_explicit with our less secure memset_explicit.

OTOH, this would create a lot of problems: libtasn1's use of read_file() never uses the sensitive flag, and thus will never call explicit_bzero. Refusing to build would be excessive.

/Simon
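As an added illustration of the fallback under discussion (example code written for this page, not gnulib's replacement nor Paul's patch; it assumes a GCC/Clang-compatible compiler for the inline-asm barrier), here is a memset_explicit-style clear whose store cannot be treated as dead, plus a volatile read-back of the kind a test case would use to detect a clear that was optimized away:

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical fallback for C23 memset_explicit (not gnulib's code).
   It clears the buffer and then passes the pointer through a compiler
   barrier, so the compiler cannot treat the store as dead and drop it,
   which is exactly the optimization the thread worries about. */
void *memset_explicit_fallback(void *s, int c, size_t n)
{
    memset(s, c, n);
    /* Empty asm that claims to read *s and clobber memory: the compiler
       must assume the cleared bytes are observed, so the memset stays. */
    __asm__ __volatile__("" : : "r"(s) : "memory");
    return s;
}

/* Count the bytes of BUF that still differ from VALUE, reading through a
   volatile pointer so this check itself cannot be folded away. */
size_t count_not_equal(const void *buf, int value, size_t n)
{
    const volatile unsigned char *p = buf;
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (p[i] != (unsigned char) value)
            bad++;
    return bad;
}

/* Simulate a caller that keeps a key in a local buffer: returns the number
   of non-zero bytes left after the clear (0 means the clear took effect). */
size_t clear_local_key(void)
{
    unsigned char key[32];
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (unsigned char) (0xA5 ^ i);   /* constructed sample secret */
    memset_explicit_fallback(key, 0, sizeof key);
    return count_not_equal(key, 0, sizeof key);
}
```

A plain memset in clear_local_key would be a legal candidate for dead-store elimination because key is never read again by ordinary code; the barrier is what makes the fallback behave like the system routine.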