Debian considers switching curl to use libssh instead of libssh2

Andreas Schneider asn at cryptomilk.org
Wed Jan 5 16:05:44 CET 2022


On Tuesday, January 4, 2022 6:05:05 PM CET Will Cosgrove via libssh2-devel 
wrote:
> We do zero some sensitive data, but could be reviewed for completeness.

I don't know how you exactly zero sensitive data, but be aware that if you do:

memset()
free()

The optimizer will optimize away the memset(). You either use explicit_bzero() 
or protect the memset() with additional assembler code. There is also 
memset_s() or memset_secure() on some platforms.


	Andreas

-- 
Andreas Schneider                 asn at cryptomilk.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D




More information about the libssh2-devel mailing list