Marc Hoersken wrote:
> > enabling the option should throw an error when this functionality
> > is not available
>
> thanks for the feedback. I updated configure.ac to produce a warning if
> secure clearing/zeroing of memory is unsupported / not available
I think a warning is appropriate when the --enable option was not
explicitly specified.
I think an error is necessary when --enable *was* specified, but
support is unavailable.
> and expanded the configure summary to look like the following,
> as an example for the OpenSSL backend:
>
> configure: summary of build options:
>
> version: 1.4.4_DEV
> Host type: x86_64-unknown-linux-gnu
> Install prefix: /usr/local
> Compiler: gcc
> Compiler flags: -g -O2
> Library types: Shared=yes, Static=yes
> Crypto library: OpenSSL (AES-CTR: yes)
> Clear memory: unsupported
Looks great!
> +++ b/configure.ac
> @@ -197,6 +197,21 @@ if test "$GEX_NEW" != "no"; then
> AC_DEFINE(LIBSSH2_DH_GEX_NEW, 1, [Enable newer diffie-hellman-group-exchange-sha1 syntax])
> fi
>
> +AC_ARG_ENABLE(clear-memory,
> + AC_HELP_STRING([--disable-clear-memory],[Disable clearing of memory before being freed]),
> + [CLEAR_MEMORY=$enableval])
> +if test "$ac_cv_libbcrypt" = "yes"; then
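Review bot: in the AC_ARG_ENABLE(clear-memory, ...) call, CLEAR_MEMORY is assigned only in the action-if-given argument ([CLEAR_MEMORY=$enableval]), so in the lines shown it stays empty when neither --enable-clear-memory nor --disable-clear-memory is passed, and the check that follows cannot tell an explicit request from the default. Consider adding a fourth (action-if-not-given) argument that sets a distinct default value, so configure can warn in the default case and fail when the option was explicitly enabled but support is missing. Separately, AC_HELP_STRING is an obsolete name; AS_HELP_STRING is the current macro.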
Please don't add a new list of crypto backends to maintain. I'd
suggest to instead introduce an abstraction such as
$support_clear_memory which is set to no by default and set to yes by
backends supporting this functionality.
The above check would then inspect only that variable.
Thanks
//Peter
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel