[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 16 Jul 2016 18:34:12 +0200
From: Daniel Cegiełka <daniel.cegielka@...il.com>
To: owl-dev@...ts.openwall.com
Subject: Re: passwdqc code quality
2016-07-16 18:27 GMT+02:00 Solar Designer <solar@...nwall.com>:
> On Sat, Jul 16, 2016 at 06:40:21PM +0300, Solar Designer wrote:
> This memset() reminds me: we also have many memset() calls trying to
> zeroize things. This always made little sense, and it makes even less
> sense with modern compilers, which tend to optimize such calls away.
>
> So maybe one of the code quality aspects is to add a source file with a
> slightly less unreliable memory zeroization function, and use that.
> Maybe like Colin Percival's insecure_memzero():
>
> https://github.com/Tarsnap/libcperciva/blob/master/util/insecure_memzero.c
>
> http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html
> http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html
or use some kind of explicit_bzero() from OpenBSD
#include <string.h>
static void *(*volatile explicit_memset)(void *, int, size_t) = memset;
void explicit_bzero(void *b, size_t len)
{
(*explicit_memset)(b, 0, len);
}
Daniel
> Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
