Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 16 Jul 2016 19:10:52 +0200
From: Daniel Cegiełka <daniel.cegielka@...il.com>
To: owl-dev@...ts.openwall.com
Subject: Re: passwdqc code quality

2016-07-16 19:02 GMT+02:00 Solar Designer <solar@...nwall.com>:
> On Sat, Jul 16, 2016 at 06:34:12PM +0200, Daniel Cegie??ka wrote:
>> 2016-07-16 18:27 GMT+02:00 Solar Designer <solar@...nwall.com>:
>> > Maybe like Colin Percival's insecure_memzero():
>> >
>> > https://github.com/Tarsnap/libcperciva/blob/master/util/insecure_memzero.c
>> >
>> > http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html
>> > http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html
>>
>> or use some kind of explicit_bzero() from OpenBSD
>>
>> #include <string.h>
>>
>> static void *(*volatile explicit_memset)(void *, int, size_t) = memset;
>>
>> void explicit_bzero(void *b, size_t len)
>> {
>>         (*explicit_memset)(b, 0, len);
>> }
>
> Yes, but this is basically a subset of what Colin does.  Colin's idea is
> that since none of these tricks are guaranteed to be sufficient, he'd
> use several of them at once to minimize the chances of undesired
> optimization.  Unfortunately, his insecure_memzero() has measurable
> performance

That's why the explicit_bzero() forces memset(), which is usually
faster than for(;;) with buf[i] = 0;


> Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ