From mboxrd@z Thu Jan 1 00:00:00 1970
From: Daniel Cegiełka
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: thoughts on reallocarray, explicit_bzero?
Date: Thu, 29 Jan 2015 11:31:10 +0100
References: <20140519153130.GA519@muslin> <20140519161654.GO507@brightrain.aerifal.cx> <20150129021919.GM4574@brightrain.aerifal.cx> <20150129041509.GN4574@brightrain.aerifal.cx> <20150129100431.GJ32318@port70.net>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com

2015-01-29 11:04 GMT+01:00 Szabolcs Nagy:
> * Daniel Cegiełka [2015-01-29 10:30:40 +0100]:
>> yet another secure_memzero(). A better solution would be to promote a
>> single standard (eg. memset_s()) and the expectation that the compiler
>> will respect it.
>>
>
> i think you don't know the semantics of memset_s
> (it uses nonsense types, has superfluous arguments, handles
> constraint violations through global state etc)
>
> it is a complicated mess and not a good api to standardize on
> if all you want is to avoid information leak in crypto code

I gave this as an example - the intention is to have a single standard
(vs secure_memzero(), explicit_bzero(), memzero_explicit(), ...).

http://openwall.com/lists/musl/2015/01/14/5

btw. libsodium prefers memset_s() over explicit_bzero() and over weak symbols.

https://github.com/jedisct1/libsodium/blob/master/src/libsodium/sodium/utils.c#L56
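
Added example, not part of the original message and not code from musl or libsodium: a C wrapper that puts the call shapes of the APIs named in this thread side by side, with a volatile-store fallback when neither is available. `wipe_secret`, `use_and_wipe_key` and the `HAVE_EXPLICIT_BZERO` build macro are assumptions made for the illustration.

```c
#define __STDC_WANT_LIB_EXT1__ 1  /* request Annex K; must precede <string.h> */
#include <stddef.h>
#include <string.h>

/* wipe_secret() is a hypothetical wrapper name. HAVE_EXPLICIT_BZERO is an
 * assumed build-system macro (autoconf style); no libc defines it. */
int wipe_secret(void *buf, size_t len)
{
    if (buf == NULL || len == 0)
        return 0;
#if defined(__STDC_LIB_EXT1__)
    /* C11 Annex K: memset_s(dest, destsz, fill, count) returning errno_t.
     * A runtime-constraint violation (e.g. len > RSIZE_MAX) also invokes the
     * process-wide handler installed with set_constraint_handler_s(). */
    return memset_s(buf, (rsize_t)len, 0, (rsize_t)len) == 0 ? 0 : -1;
#elif defined(HAVE_EXPLICIT_BZERO)
    explicit_bzero(buf, len);  /* BSD-style API: two arguments, no result */
    return 0;
#else
    /* Fallback: stores through a volatile-qualified pointer, which compilers
     * in practice do not remove as dead stores the way they may a memset(). */
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
    return 0;
#endif
}

/* Self-check on constructed data: fill a buffer, wipe it, count survivors. */
int use_and_wipe_key(void)
{
    unsigned char key[32];
    int residue = 0;

    memset(key, 0xA5, sizeof key);  /* constructed stand-in for key material */
    if (wipe_secret(key, sizeof key) != 0)
        return -1;
    for (size_t i = 0; i < sizeof key; i++)
        residue += (key[i] != 0);
    return residue;  /* 0 when every byte was cleared */
}

int main(void)
{
    return use_and_wipe_key() == 0 ? 0 : 1;
}
```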