verw and l1d_fence have no costs. lfence is a bit costly, mfence is basically an lfence + sfence. it flushes both caches, load and store.
safe libs need to do the right thing, not the fast thing. esp. crypto.
The attitude of libc and crypto maintainers is that you cannot trust them with security. all the memzero's are insecure. besides being overly complicated and slow.
Linux is a bit better, but there are still estimated 20.000 security relevant bugs.
safe libs need to do the right thing, not the fast thing. esp. crypto.
The attitude of libc and crypto maintainers is that you cannot trust them with security. all the memzero's are insecure. besides being overly complicated and slow. Linux is a bit better, but there are still estimated 20.000 security relevant bugs.