Hi Peter,
On 19.06.2014 19:57, Peter Stuge wrote:
> The configure switch should only be available when configuring with
> wincng crypto.
>
> If that is not possible (autoconf limitations) then enabling the
> option should throw an error when this functionality is not available
> in code.
>
> Failing silently (ie. not securely zeroing memory) after a successful
> configure of the library with the option enabled isn't really
> acceptable IMO.
thanks for the feedback. I updated configure.ac to produce a warning if
secure clearing/zeroing of memory is unsupported / not available and
expanded the configure summary to look like the following, as an example
for the OpenSSL backend:
configure: summary of build options:
version: 1.4.4_DEV
Host type: x86_64-unknown-linux-gnu
Install prefix: /usr/local
Compiler: gcc
Compiler flags: -g -O2
Library types: Shared=yes, Static=yes
Crypto library: OpenSSL (AES-CTR: yes)
Clear memory: unsupported
Debug build: no
Build examples: yes
Path to sshd: /usr/sbin/sshd (only for self-tests)
zlib compression: yes
Clear memory shows either "yes" (enabled and available), "no" (disabled)
or "unsupported" (unavailable).
Please find the updated patch attached to this email.
Best regards,
Marc
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel