OPENSSL_cleanse should use memset_s #14
Comments
See pyca/cryptography#7 and http://www.daemonology.net/blog/2014-09-05-erratum.html (especially the comments).
In particular, let's get rid of the nasty asm.
OpenSSL has some assembly language implementations we might be able to use. Also, Apple Clang (and GCC?) has memset_s. See https://mta.openssl.org/pipermail/openssl-dev/2015-October/003264.html and that whole thread.
Closed in favor of briansmith/ring-ffi#3. See b76f52c. Basically, we'll move these kinds of defenses into ring-ffi as much as possible.
Sorry to poke around when not asked for... You probably can't use You can't use it because the Glibc folks refuse to provide it. Also see Issue 17879: Library is missing memset_s.
Thanks for the comment, @noloader. I am aware that glibc doesn't provide it, but it is easy enough to add a polyfill in assembly language. Anyway, that's better discussed in briansmith/ring-ffi#3 now.
We should just use memset_s. If necessary, we can supply a default implementation of memset_s for platforms that don't provide it, if any. Alternatively, we can drop support for older versions of compilers that don't supply it.
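The fallback idea discussed in this thread, sketched as an added example (not code from this project or from ring-ffi): a C wrapper that calls the platform memset_s when the libc advertises Annex K, and otherwise uses a polyfill with the same runtime-constraint behaviour. The names polyfill_memset_s, secure_zero and POLY_RSIZE_MAX are hypothetical, and the polyfill uses volatile stores rather than the assembly approach mentioned in the comments.

```c
#define __STDC_WANT_LIB_EXT1__ 1  /* ask for Annex K declarations if the libc has them */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumption: sizes above SIZE_MAX/2 are treated as invalid, a common RSIZE_MAX choice. */
#define POLY_RSIZE_MAX (SIZE_MAX >> 1)

/* Write through a volatile pointer: each store is an observable access, so the
 * compiler cannot discard the fill as a dead store before free() or return. */
static void volatile_fill(void *s, int c, size_t n)
{
    volatile unsigned char *p = (volatile unsigned char *)s;
    while (n--)
        *p++ = (unsigned char)c;
}

/* Hypothetical polyfill following C11 Annex K memset_s semantics:
 * returns 0 on success, nonzero on a runtime-constraint violation. */
int polyfill_memset_s(void *s, size_t smax, int c, size_t n)
{
    if (s == NULL || smax > POLY_RSIZE_MAX)
        return EINVAL;              /* nothing can safely be written */
    if (n > smax) {                 /* also covers n > POLY_RSIZE_MAX */
        volatile_fill(s, c, smax);  /* on violation the whole object is still filled */
        return EINVAL;
    }
    volatile_fill(s, c, n);
    return 0;
}

/* Hypothetical wrapper: prefer the platform memset_s, fall back to the polyfill
 * (glibc does not define __STDC_LIB_EXT1__, so it takes the second branch). */
int secure_zero(void *buf, size_t len)
{
#ifdef __STDC_LIB_EXT1__
    return memset_s(buf, len, 0, len);
#else
    return polyfill_memset_s(buf, len, 0, len);
#endif
}
```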