Date: Thu, 29 Jan 2015 11:04:31 +0100 From: Szabolcs Nagy <nsz@...t70.net> To: musl@...ts.openwall.com Subject: Re: thoughts on reallocarray, explicit_bzero? * Daniel Cegie??ka <daniel.cegielka@...il.com> [2015-01-29 10:30:40 +0100]: > yet another secure_memzero(). A better solution would be to promote a > single standard (eg. memset_s()) and the expectation that the compiler > will respect it. > i think you don't know the semantics of memset_s (it uses nonsense types, has superflous arguments, handles constraint violations through global state etc) it is a complicated mess and not a good api to standardize on if all you want is to avoid information leak in crypto code (btw no memset based solution can provide complete protection against info leak: if the crypto function is interrupted by a signal then all the register state will be copied to the stack or altstack and kept around for arbitrarily long time which is plenty information leaked)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.