Re: GnuTLS and zeroing keys in Emacs

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GnuTLS and zeroing keys in Emacs

From:	Paul Eggert
Subject:	Re: GnuTLS and zeroing keys in Emacs
Date:	Sun, 16 Jul 2017 16:53:20 -0700
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1

Ted Zlatanov wrote:

the best way is to either use gnutls_memset() (available since only
3.4.0 in lib/safe-memfuncs.c) or to copy it.

These days glibc's explicit_bzero is a better way to go, as its implementationshould be more reliable than the 'volatile' trick used by gnutls_memset. So Iinstalled the attached patches into master: they either use explicit_bzero, orcopy it.

I'll file a bug report with the GnuTLS folks to suggest that they useexplicit_bzero if available.

0001-Merge-from-gnulib.patch
Description: Text Data

0002-Use-explicit_bzero-to-clear-GnuTLS-keys.patch
Description: Text Data

0003-Use-memset-not-bzero.patch
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

GnuTLS and zeroing keys in Emacs, Paul Eggert, 2017/07/14
- Re: GnuTLS and zeroing keys in Emacs, Ted Zlatanov, 2017/07/15
  - Re: GnuTLS and zeroing keys in Emacs, Paul Eggert <=
    - Re: GnuTLS and zeroing keys in Emacs, Ted Zlatanov, 2017/07/17
  - Re: GnuTLS and zeroing keys in Emacs, Paul Eggert, 2017/07/16
    - Re: GnuTLS and zeroing keys in Emacs, Ted Zlatanov, 2017/07/17

Prev by Date: Re: Mac OS Sierra tab feature breaks C-x 5 2
Next by Date: Re: master 583995c: GnuTLS HMAC and symmetric cipher support
Previous by thread: Re: GnuTLS and zeroing keys in Emacs
Next by thread: Re: GnuTLS and zeroing keys in Emacs
Index(es):
- Date
- Thread