[openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2016-02-25 Thread Rich Salz via RT
closed with commit 104ce8a thanks. -- Rich Salz, OpenSSL dev team; rs...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4116 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-11-11 Thread Alessandro Ghedini via RT
(sorry for the delay, but I've been travelling and moving) On Sat, Oct 31, 2015 at 11:01:22pm +, Brian Smith via RT wrote: > On Sat, Oct 31, 2015 at 11:50 AM, Alessandro Ghedini via RT > The point is to let the person building OPENSSL say "I want the build to > fail if

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-11-11 Thread Kurt Roeckx via RT
On Wed, Nov 11, 2015 at 05:15:06PM +, Kaduk, Ben via RT wrote: > On 11/11/2015 07:06 AM, Kurt Roeckx via RT wrote: > > On Wed, Nov 11, 2015 at 12:37:56PM +, Alessandro Ghedini via RT wrote: > >> On Wed, Nov 11, 2015 at 11:52:56AM +, Kurt Roeckx via RT wrote: > >>> On Wed, Nov 11, 2015

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-11-11 Thread Kaduk, Ben via RT
On 11/11/2015 07:06 AM, Kurt Roeckx via RT wrote: > On Wed, Nov 11, 2015 at 12:37:56PM +, Alessandro Ghedini via RT wrote: >> On Wed, Nov 11, 2015 at 11:52:56AM +, Kurt Roeckx via RT wrote: >>> On Wed, Nov 11, 2015 at 11:16:56AM +, Alessandro Ghedini via RT wrote: Also, FTR,

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-11-11 Thread Alessandro Ghedini via RT
On Wed, Nov 11, 2015 at 01:06:54PM +, Kurt Roeckx via RT wrote: > On Wed, Nov 11, 2015 at 12:37:56PM +, Alessandro Ghedini via RT wrote: > > On Wed, Nov 11, 2015 at 11:52:56AM +, Kurt Roeckx via RT wrote: > > > On Wed, Nov 11, 2015 at 11:16:56AM +, Alessandro Ghedini via RT wrote:

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-11-11 Thread Alessandro Ghedini via RT
On Wed, Nov 11, 2015 at 11:52:56AM +, Kurt Roeckx via RT wrote: > On Wed, Nov 11, 2015 at 11:16:56AM +, Alessandro Ghedini via RT wrote: > > > > I also added support for explicit_bzero() on OpenBSD. > > An explicit_bzero() call is no better than whatever > OPENSSL_cleanse() does, because

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-11-11 Thread Kurt Roeckx via RT
On Wed, Nov 11, 2015 at 11:16:56AM +, Alessandro Ghedini via RT wrote: > > I also added support for explicit_bzero() on OpenBSD. An explicit_bzero() call is no better than whatever OPENSSL_cleanse() does, because it has exactly the same problems. So I don't think this is useful to do. >

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-11-11 Thread Kurt Roeckx via RT
On Wed, Nov 11, 2015 at 12:37:56PM +, Alessandro Ghedini via RT wrote: > On Wed, Nov 11, 2015 at 11:52:56AM +, Kurt Roeckx via RT wrote: > > On Wed, Nov 11, 2015 at 11:16:56AM +, Alessandro Ghedini via RT wrote: > > > Also, FTR, apparently SecureZeroMemory() doesn't work on the mingw

[openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-10-31 Thread Alessandro Ghedini via RT
Hi, the current platform-generic implementation of OPENSSL_cleanse() is very weird and IMO overly complex (its initial intent was to cleanse with values other than 0, but AFAICT none of the asm implementations do it), so I reimplemented it in a simpler way. I was also wondering whether it would

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-10-31 Thread Alessandro Ghedini via RT
On Sat, Oct 31, 2015 at 07:59:03PM +, Brian Smith via RT wrote: > Alessandro Ghedini via RT wrote: > > > I was also wondering whether it would make sense to just drop the asm > > implementations. Does the speed-up justify the added complexity? > > > > IMO, it should work

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-10-31 Thread Brian Smith via RT
Alessandro Ghedini via RT wrote: > I was also wondering whether it would make sense to just drop the asm > implementations. Does the speed-up justify the added complexity? > IMO, it should work like this: * memset_s when memset_s is available. * Otherwise, SecureZeroMemory,

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-10-31 Thread Brian Smith via RT
On Sat, Oct 31, 2015 at 11:50 AM, Alessandro Ghedini via RT wrote: > In any case memset_s is not available anywhere anyway, so that doesn't > really > matter. > Is it available in some places, e.g.

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-10-31 Thread Brian Smith
On Sat, Oct 31, 2015 at 11:50 AM, Alessandro Ghedini via RT wrote: > In any case memset_s is not available anywhere anyway, so that doesn't > really > matter. > Is it available in some places, e.g.

Re: [openssl-dev] [openssl.org #4116] [PATCH] Reimplement non-asm OPENSSL_cleanse()

2015-10-31 Thread Kurt Roeckx via RT
On Sat, Oct 31, 2015 at 09:58:50AM -1000, Brian Smith wrote: > Alessandro Ghedini via RT wrote: > > > I was also wondering whether it would make sense to just drop the asm > > implementations. Does the speed-up justify the added complexity? > > > > IMO, it should work like