[Cryptech Tech] CVE-2015-5291: remote heap corruption in ARM mbed TLS / PolarSSL
Peter Stuge
peter at stuge.se
Tue Oct 20 04:25:22 UTC 2015
Paul Selkirk wrote:
> In fact, we may not even end up using mbed per se. I'm keeping an open
> mind, but I'm leaning to Fredrik's model of using the underlying CMSIS
> libraries directly.
And yet another option, maybe even preferable, is to skip all
dependencies outright and simply make a cryptech-specific
minimalistic abstraction for the controller hardware.
(No, for all you who have not done embedded work, that does not
mean having to write a whole operating system. :)
I don't think it would be very many lines of code per platform, and
would have the benefit of very easily supporting more architectures
than just one.
//Peter
More information about the Tech
mailing list