Marc Hoersken wrote:
> > enabling the option should throw an error when this functionality
> > is not available
> 
> thanks for the feedback. I updated configure.ac to produce a warning if
> secure clearing/zeroing of memory is unsupported / not available

I think a warning is appropriate when the --enable option was not
explicitly specified.

I think an error is necessary when --enable *was* specified, but
support is unavailable.


> and expanded the configure summary to look like the following,
> as an example for the OpenSSL backend:
> 
> configure: summary of build options:
> 
>   version:          1.4.4_DEV
>   Host type:        x86_64-unknown-linux-gnu
>   Install prefix:   /usr/local
>   Compiler:         gcc
>   Compiler flags:   -g -O2
>   Library types:    Shared=yes, Static=yes
>   Crypto library:   OpenSSL (AES-CTR: yes)
>   Clear memory:     unsupported

Looks great!


> +++ b/configure.ac
> @@ -197,6 +197,21 @@ if test "$GEX_NEW" != "no"; then
>    AC_DEFINE(LIBSSH2_DH_GEX_NEW, 1, [Enable newer 
> diffie-hellman-group-exchange-sha1 syntax])
>  fi
>  
> +AC_ARG_ENABLE(clear-memory,
> +  AC_HELP_STRING([--disable-clear-memory],[Disable clearing of memory before 
> being freed]),
> +  [CLEAR_MEMORY=$enableval])
> +if test "$ac_cv_libbcrypt" = "yes"; then
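
Review bot: The `AC_ARG_ENABLE(clear-memory, ...)` call in the visible lines has only an action-if-given (`[CLEAR_MEMORY=$enableval]`) and no action-if-not-given, so `CLEAR_MEMORY` keeps whatever value it had before when the option is absent. Give it an explicit "not specified" default in the fourth argument, so the later check can tell a defaulted setting (warn when unsupported) from an explicit `--enable-clear-memory` (fail when unsupported). Two smaller points on the same lines: `AC_HELP_STRING` is the obsolete spelling of `AS_HELP_STRING`, and the `if test "$ac_cv_libbcrypt" = "yes"` condition ties the feature check to one backend's cache variable rather than to a capability flag.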

Please don't add a new list of crypto backends to maintain. I'd
suggest instead introducing an abstraction such as
$support_clear_memory which is set to no by default and set to yes by
backends supporting this functionality.

The above check would then inspect only that variable.


Thanks

//Peter

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel