Date: Thu, 29 Jan 2015 11:31:10 +0100 From: Daniel Cegiełka <daniel.cegielka@...il.com> To: musl@...ts.openwall.com Subject: Re: thoughts on reallocarray, explicit_bzero? 2015-01-29 11:04 GMT+01:00 Szabolcs Nagy <nsz@...t70.net>: > * Daniel Cegie??ka <daniel.cegielka@...il.com> [2015-01-29 10:30:40 +0100]: >> yet another secure_memzero(). A better solution would be to promote a >> single standard (eg. memset_s()) and the expectation that the compiler >> will respect it. >> > > i think you don't know the semantics of memset_s > (it uses nonsense types, has superflous arguments, handles > constraint violations through global state etc) > > it is a complicated mess and not a good api to standardize on > if all you want is to avoid information leak in crypto code I gave this as an example - the intention is to have a single standard (vs secure_memzero(), explicit_bzero(), memzero_explicit(), ...). http://openwall.com/lists/musl/2015/01/14/5 btw. libsodium prefers memset_s() over explicit_bzero() and over weak symbols. https://github.com/jedisct1/libsodium/blob/master/src/libsodium/sodium/utils.c#L56
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.