[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GnuTLS and zeroing keys in Emacs
From: |
Paul Eggert |
Subject: |
Re: GnuTLS and zeroing keys in Emacs |
Date: |
Sun, 16 Jul 2017 16:53:20 -0700 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 |
Ted Zlatanov wrote:
the best way is to either use gnutls_memset() (available since only
3.4.0 in lib/safe-memfuncs.c) or to copy it.
These days glibc's explicit_bzero is a better way to go, as its implementation
should be more reliable than the 'volatile' trick used by gnutls_memset. So I
installed the attached patches into master: they either use explicit_bzero, or
copy it.
I'll file a bug report with the GnuTLS folks to suggest that they use
explicit_bzero if available.
0001-Merge-from-gnulib.patch
Description: Text Data
0002-Use-explicit_bzero-to-clear-GnuTLS-keys.patch
Description: Text Data
0003-Use-memset-not-bzero.patch
Description: Text Data