On Thu, Dec 01, 2011 at 05:45:25PM +0000, David Laight wrote: > On Tue, Nov 29, 2011 at 09:23:20PM +0100, Joerg Sonnenberger wrote: > > On Tue, Nov 29, 2011 at 09:09:38PM +0100, Matthias Drochner wrote: > > > Anyway, here is a first cut on an "explicit_bzero" function > > > which doesn't get optimized away. I've put it to src/common > > > because the same thing makes sense in the kernel too. > > > Comments? > > > > Just make it an alias on memset. That's good enough. I think calling it > > something like "secure_memset" or "safe_memset" is better, but opinions > > might differ. > > I'm not sure that 'secure' or 'safe' are good prefixes for any function name. > You need to say WHY is is better.
Well, an alternative idea would be crypto_memset and crypto_memcpy. The former is to avoid DSE, the latter is aimed to have constant run time for fixed size. Joerg
