Bug#1023014: ITP: securestring -- Clearing the contents of strings containing cryptographic material

To: Joost van Baal-Ilić <joostvb-debian@ad1810.com>, 1023014@bugs.debian.org
Subject: Bug#1023014: ITP: securestring -- Clearing the contents of strings containing cryptographic material
From: Simon McVittie <smcv@debian.org>
Date: Sat, 29 Oct 2022 11:18:56 +0100
Message-id: <[🔎] Y1z+EO+08vBDLEpp@momentum.pseudorandom.co.uk>
Reply-to: Simon McVittie <smcv@debian.org>, 1023014@bugs.debian.org
In-reply-to: <[🔎] 20221029083407.GD14893@beskar.mdcc.cx>
References: <[🔎] 20221029083407.GD14893@beskar.mdcc.cx> <[🔎] 20221029083407.GD14893@beskar.mdcc.cx>

On Sat, 29 Oct 2022 at 10:34:07 +0200, Joost van Baal-Ilić wrote:
>   Python wrapper around OPENSSL_cleanse() which fills a pointer with a string
>   of 0's, typically used to clear the contents of strings containing
>   cryptographic material.

Does this actually need OpenSSL, or would explicit_bzero() be enough on
platforms that have it? (glibc >= 2.25 is an example of a platform that
has it.)

See also the NOTES in explicit_bzero(3), most or all of which probably
apply equally to OPENSSL_cleanse().

    smcv

Reply to:

References:
- Bug#1023014: ITP: securestring -- Clearing the contents of strings containing cryptographic material
  - From: Joost van Baal-Ilić <joostvb-debian@ad1810.com>

Prev by Date: Bug#1023017: ITP: lomiri-clock-app -- Clock App for Lomiri Operating Environment
Next by Date: Processed: ctypes.sh ITP
Previous by thread: Bug#1023014: ITP: securestring -- Clearing the contents of strings containing cryptographic material
Next by thread: Bug#1023017: ITP: lomiri-clock-app -- Clock App for Lomiri Operating Environment
Index(es):
- Date
- Thread