From: Daniel Borkmann <dborkman@redhat.com>
To: Sandy Harris <sandyinchina@gmail.com>
Cc: Jason Cooper <jason@lakedaemon.net>,
	linux-crypto@vger.kernel.org, hannes@stressinduktion.org
Subject: Re: memset() in crypto code?
Date: Mon, 06 Oct 2014 21:02:02 +0200
Message-ID: <5432E72A.3070309@redhat.com>
In-Reply-To: <CACXcFmmNfgtHjwX7kJP8EKR01AMi-yujTZ55oTghJ7+J-eSzDA@mail.gmail.com>

On 10/06/2014 08:52 PM, Sandy Harris wrote:
> On Mon, Oct 6, 2014 at 1:44 PM, Jason Cooper <jason@lakedaemon.net> wrote:
>> On Sat, Oct 04, 2014 at 11:09:40PM -0400, Sandy Harris wrote:
...
>>> There was recently a patch to the random driver to replace memset()
>>> because, according to the submitter, gcc sometimes optimises memset()
>>> away ...
>
>> memzero_explicit() is a good start, ...
>
> As I see it, memzero_explicit() is a rather ugly kluge, albeit an
> acceptable one in the circumstances.

Right.

> A real fix would make memset() do the right thing reliably; if the
> programmer puts in memset( x, 0, nbytes) then the memory should be
> cleared, no ifs or buts. I do not know or care if that means changes
> in the compiler or in the library code or even both, but the fix
> should make the standard library code work right, not require adding a
> new function and expecting everyone to use it.

That would be a desirable goal, ideally perhaps as a built-in from
the compiler itself, just as memset(). Applications such as openssh
implement for the very same purpose their bzero_explicit() variant
just as well.
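
The pattern this thread discusses, as an added example that is not part of the original message and not the kernel's or OpenSSH's code: a memset() on a buffer that is never read again, beside a wipe followed by a compiler barrier. The names zero_explicit, derive_key, checksum, use_key_plain, use_key_explicit and wiped_ok are hypothetical, and the inline asm assumes GCC or Clang.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not the kernel's memzero_explicit): memset followed
 * by a GCC/Clang compiler barrier. The empty asm takes p as an input and
 * clobbers "memory", so the compiler must assume the zeroed bytes are read. */
static void zero_explicit(void *p, size_t n) {
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Constructed stand-ins for deriving and using a key. */
static void derive_key(unsigned char *key, size_t n, unsigned seed) {
    for (size_t i = 0; i < n; i++)
        key[i] = (unsigned char)(seed * 31u + i * 7u);
}

static unsigned checksum(const unsigned char *key, size_t n) {
    unsigned sum = 0;
    for (size_t i = 0; i < n; i++)
        sum = sum * 33u + key[i];
    return sum;
}

/* key[] is never read after the memset, so an optimising compiler may
 * treat the call as a dead store and drop it. */
unsigned use_key_plain(unsigned seed) {
    unsigned char key[32];
    derive_key(key, sizeof key, seed);
    unsigned tag = checksum(key, sizeof key);
    memset(key, 0, sizeof key);
    return tag;
}

/* Same function, with a wipe the optimiser has to keep. */
unsigned use_key_explicit(unsigned seed) {
    unsigned char key[32];
    derive_key(key, sizeof key, seed);
    unsigned tag = checksum(key, sizeof key);
    zero_explicit(key, sizeof key);
    return tag;
}

/* Returns 1 when zero_explicit() has cleared every byte of the buffer. */
int wiped_ok(void) {
    unsigned char buf[32];
    derive_key(buf, sizeof buf, 5u);
    zero_explicit(buf, sizeof buf);
    return checksum(buf, sizeof buf) == 0;
}
```

Both use_key functions return the same value; the difference is only visible in the generated code, for instance by comparing the `gcc -O2 -S` output for the two.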
