[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GnuTLS and zeroing keys in Emacs

From: Paul Eggert
Subject: Re: GnuTLS and zeroing keys in Emacs
Date: Sun, 16 Jul 2017 16:53:20 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1

Ted Zlatanov wrote:
the best way is to either use gnutls_memset() (available since only
3.4.0 in lib/safe-memfuncs.c) or to copy it.

These days glibc's explicit_bzero is a better way to go, as its implementation should be more reliable than the 'volatile' trick used by gnutls_memset. So I installed the attached patches into master: they either use explicit_bzero, or copy it.

I'll file a bug report with the GnuTLS folks to suggest that they use explicit_bzero if available.

Attachment: 0001-Merge-from-gnulib.patch
Description: Text Data

Attachment: 0002-Use-explicit_bzero-to-clear-GnuTLS-keys.patch
Description: Text Data

Attachment: 0003-Use-memset-not-bzero.patch
Description: Text Data

reply via email to

[Prev in Thread] Current Thread [Next in Thread]