[Cryptech Tech] CVE-2015-5291: remote heap corruption in ARM mbed TLS / PolarSSL

Peter Stuge peter at stuge.se
Tue Oct 20 04:25:22 UTC 2015


Paul Selkirk wrote:
> In fact, we may not even end up using mbed per se. I'm keeping an open
> mind, but I'm leaning to Fredrik's model of using the underlying CMSIS
> libraries directly.

And yet another option, maybe even preferable, is to skip all
dependencies outright and simply make a cryptech-specific
minimalistic abstraction for the controller hardware.

(No, for all you who have not done embedded work, that does not
mean having to write a whole operating system. :)

I don't think it would be very many lines of code per platform, and
would have the benefit of very easily supporting more architectures
than just one.


//Peter


More information about the Tech mailing list