Re: memset() in crypto code?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Daniel Borkmann <dborkman@redhat.com>
To: Sandy Harris <sandyinchina@gmail.com>
Cc: Jason Cooper <jason@lakedaemon.net>,
	linux-crypto@vger.kernel.org, hannes@stressinduktion.org
Subject: Re: memset() in crypto code?
Date: Mon, 06 Oct 2014 21:02:02 +0200	[thread overview]
Message-ID: <5432E72A.3070309@redhat.com> (raw)
In-Reply-To: <CACXcFmmNfgtHjwX7kJP8EKR01AMi-yujTZ55oTghJ7+J-eSzDA@mail.gmail.com>

On 10/06/2014 08:52 PM, Sandy Harris wrote:
> On Mon, Oct 6, 2014 at 1:44 PM, Jason Cooper <jason@lakedaemon.net> wrote:
>> On Sat, Oct 04, 2014 at 11:09:40PM -0400, Sandy Harris wrote:
...
>>> There was recently a patch to the random driver to replace memset()
>>> because, according to the submitter, gcc sometimes optimises memset()
>>> away ...
>
>> memzero_explicit() is a good start, ...
>
> As I see it, memzero_explicit() is a rather ugly kluge, albeit an
> acceptable one in the circumstances.

Right.

> A real fix would make memset() do the right thing reliably; if the
> programmer puts in memset( x, 0, nbytes) then the memory should be
> cleared, no ifs or buts. I do not know or care if that means changes
> in the compiler or in the library code or even both, but the fix
> should make the standard library code work right, not require adding a
> new function and expecting everyone to use it.

That would be a desirable goal, ideally perhaps as a built-in from
the compiler itself, just as memset(). Applications such as openssh
implement for the very same purpose their bzero_explicit() variant
just as well.

next prev parent reply	other threads:[~2014-10-06 19:02 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-10-05  3:09 memset() in crypto code? Sandy Harris
2014-10-05 10:33 ` Daniel Borkmann
2014-10-06 17:44 ` Jason Cooper
2014-10-06 17:59   ` Sandy Harris
2014-10-06 18:23     ` Jason Cooper
2014-10-06 18:52   ` Sandy Harris
2014-10-06 19:02     ` Daniel Borkmann [this message]
2014-10-08  2:30       ` Sandy Harris
2014-10-08  7:18         ` Daniel Borkmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5432E72A.3070309@redhat.com \
    --to=dborkman@redhat.com \
    --cc=hannes@stressinduktion.org \
    --cc=jason@lakedaemon.net \
    --cc=linux-crypto@vger.kernel.org \
    --cc=sandyinchina@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.