
I think some of this rant is invalid.

If you look at the portable versions of their products they tend to ship a chunk of the OpenBSD library implementation with them to give consistency guarantees.

Perhaps we need a consistent OpenBSD platform abstraction layer that gives solid guarantees?



Most is invalid in principle, perhaps not in practice (stupid as that is):

1. Ye shall use C11 memset_s().

2. Ye shall (as you note) use a reallocarray() with OpenBSD-like (ANSI C) wrap checking.

3. Ye shall use /dev/urandom on Linux (I know you guys love him, see https://news.ycombinator.com/item?id=7361868 by tptacek)

4. Also, timingsafe_bcmp() is 3 lines of ANSI C99 code (minus variable and function declarations), include it with the code (as you note).
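
A minimal sketch of the portable shims that items 2 and 4 above describe, added here as an example; it is not code from the thread or from OpenBSD's source. The `compat_` function names and the `MUL_NO_OVERFLOW` macro name are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* sqrt(SIZE_MAX + 1): if both operands are below this, nmemb * size cannot wrap,
 * so the division is only needed for large operands. */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

/* Hypothetical shim: realloc() for nmemb * size bytes, refusing with ENOMEM
 * when the multiplication would wrap instead of allocating a short buffer. */
void *compat_reallocarray(void *ptr, size_t nmemb, size_t size)
{
    if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
        nmemb > 0 && SIZE_MAX / nmemb < size) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(ptr, nmemb * size);
}

/* Hypothetical shim: returns 0 if the buffers are equal, 1 otherwise.
 * Every byte is always visited; there is no early exit on the first mismatch. */
int compat_timingsafe_bcmp(const void *b1, const void *b2, size_t n)
{
    const unsigned char *p1 = b1, *p2 = b2;
    unsigned char diff = 0;

    for (size_t i = 0; i < n; i++)
        diff |= p1[i] ^ p2[i];
    return diff != 0;
}

int main(void)
{
    /* Constructed inputs: a request that wraps size_t, and two sample tags. */
    void *p = compat_reallocarray(NULL, SIZE_MAX / 2 + 1, 4);
    printf("wrapping request: %s\n", p == NULL ? "rejected" : "allocated");
    free(p);
    printf("equal tags:   %d\n", compat_timingsafe_bcmp("tag-0001", "tag-0001", 8));
    printf("unequal tags: %d\n", compat_timingsafe_bcmp("tag-0001", "tag-0002", 8));
    return 0;
}
```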



