tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: crypto_memset (was: Re: Zero it if you're going to copy it out.)
On 26.06.2012 20:51, Matthias Drochner wrote:
>
>> BTW, did we get the {crypto,safe,secure}:
>> _memset: not optimized by compiler away,
>> _memcmp: constant-time memcmp for a given size
>
> I have an implementation of explicit_bzero in my tree.
> The name is from OpenBSD. It certainly makes sense to
> use a bzero-like API because there is no need to carry
> the '0' fill pattern around.
> Didn't commit because someone suggested to use memset_s
> (from C1x Annex K).
Seems acceptable.
>> I am sure these will find their place in the kernel,
>> and also in some places in userland
>
> While my implementation lives in src/common, I've only
> used it from userland so far because I've found that
> the compiler didn't optimize out memset calls in the
> kernel even where it could, probably due to optimization
> switches. It should certainly be used in the kernel
> as well, to avoid surprises in future.
> Is anyone working on C1x Annex K support?
I don't think so. Does anyone have access to the final standard and not
the drafts?
--
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost
Home |
Main Index |
Thread Index |
Old Index