Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 16 Jul 2016 18:34:12 +0200
From: Daniel Cegiełka <>
Subject: Re: passwdqc code quality

2016-07-16 18:27 GMT+02:00 Solar Designer <>:
> On Sat, Jul 16, 2016 at 06:40:21PM +0300, Solar Designer wrote:
> This memset() reminds me: we also have many memset() calls trying to
> zeroize things.  This always made little sense, and it makes even less
> sense with modern compilers, which tend to optimize such calls away.
> So maybe one of the code quality aspects is to add a source file with a
> slightly less unreliable memory zeroization function, and use that.
> Maybe like Colin Percival's insecure_memzero():

or use some kind of explicit_bzero() from OpenBSD

#include <string.h>

static void *(*volatile explicit_memset)(void *, int, size_t) = memset;

void explicit_bzero(void *b, size_t len)
        (*explicit_memset)(b, 0, len);


> Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.