On Fri, Jun 15, 2018 at 12:41 PM, Yann Ylavic <ylavic....@gmail.com> wrote:
> Hi Christophe,
>
> On Fri, Jun 15, 2018 at 11:17 AM, Christophe JAILLET
> <christophe.jail...@wanadoo.fr> wrote:
>>
>> any plan/interrest in having apr_crypto_memzero() available even if
>> APU_HAVE_CRYPTO is not defined?
>> There are a few places in httpd and in APR that should use this safer
>> memset'ing.
>
> Agreed, apr_crypto_memzero() and apr_crypto_equals() could not depend
> on APU_HAVE_CRYPTO, though still defined/implemented in
> apr_crypto.h/c.
> Unfortunately this was made so in APR-1.6, but from 1.7 I'm +1.
Hmm, actually for APR-1.x where APR and APU and separated, we can't
use APU code in APR, so that'd require to move them to APR.
So there is probably some naming trick to do, e.g.
apr_crypto_{memzero,equals} => apr_consttime_{memzero,equals}, and
then APU functions would call APR ones...
