Re: crypto_memset (was: Re: Zero it if you're going to copy it out.)

[Matthias Drochner <M.Drochner%fz-juelich.de@localhost>]

> BTW, did we get the {crypto,safe,secure}:
> _memset: not optimized by compiler away,
> _memcmp: constant-time memcmp for a given size

I have an implementation of explicit_bzero in my tree.
The name is from OpenBSD. It certainly makes sense to
use a bzero-like API because there is no need to carry
the '0' fill pattern around.
Didn't commit because someone suggested to use memset_s
(from C1x Annex K).

> I am sure these will find their place in the kernel,
> and also in some places in userland

While my implementation lives in src/common, I've only
used it from userland so far because I've found that
the compiler didn't optimize out memset calls in the
kernel even where it could, probably due to optimization
switches. It should certainly be used in the kernel
as well, to avoid surprises in future.
Is anyone working on C1x Annex K support?

best regards
Matthias


------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------

Kennen Sie schon unseren neuen Film? http://www.fz-juelich.de/film
Kennen Sie schon unsere app? http://www.fz-juelich.de/app