www.libssh2.org | Daily snapshots | Mailing list archive | Docs | Examples | github

Archive Index This month's Index

Subject: Re: [PATCH] wincng: Added explicit clear memory feature to WinCNG backend

Re: [PATCH] wincng: Added explicit clear memory feature to WinCNG backend

From: Marc Hoersken <info_at_marc-hoersken.de>
Date: Fri, 20 Jun 2014 15:37:25 +0200

Hi Peter,

On 19.06.2014 19:57, Peter Stuge wrote:
> The configure switch should only be available when configuring with
> wincng crypto.
> If that is not possible (autoconf limitations) then enabling the
> option should throw an error when this functionality is not available
> in code.
> Failing silently (ie. not securely zeroing memory) after a successful
> configure of the library with the option enabled isn't really
> acceptable IMO.

thanks for the feedback. I updated configure.ac to produce a warning if
secure clearing/zeroing of memory is unsupported / not available and
expanded the configure summary to look like the following, as an example
for the OpenSSL backend:

configure: summary of build options:

  version: 1.4.4_DEV
  Host type: x86_64-unknown-linux-gnu
  Install prefix: /usr/local
  Compiler: gcc
  Compiler flags: -g -O2
  Library types: Shared=yes, Static=yes
  Crypto library: OpenSSL (AES-CTR: yes)
  Clear memory: unsupported
  Debug build: no
  Build examples: yes
  Path to sshd: /usr/sbin/sshd (only for self-tests)
  zlib compression: yes

Clear memory shows either "yes" (enabled and available), "no" (disabled)
or "unsupported" (unavailable).
Please find the updated patch attached to this email.

Best regards,

libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

  • text/plain attachment: stored
Received on 2014-06-20

the libssh2 team