tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: crypto_memset (was: Re: Zero it if you're going to copy it out.)

On Tue, 26 Jun 2012, Matthias Drochner wrote:
BTW, did we get the {crypto,safe,secure}:
_memset: not optimized by compiler away,
_memcmp: constant-time memcmp for a given size

I have an implementation of explicit_bzero in my tree.
The name is from OpenBSD. It certainly makes sense to
use a bzero-like API because there is no need to carry
the '0' fill pattern around.
Didn't commit because someone suggested to use memset_s
(from C1x Annex K).

I have an implementation of memset_s. It's fairly intrusive, in that several header files need extra declarations for strange types, and I haven't implemented the constraint handler callbacks.

It's easy to usae volatile pointers to define functions that will not be optinmised away. For example (from a message I sent in Febroary 2012):

         * memset_volatile is a volatile pointer to the memset function.
         * You can call (*memset_volatile)(buf, val, len) or even
         * memset_volatile(buf, val, len) just as you would call
         * memset(buf, val, len), but the use of a volatile pointer
         * guarantees that the compiler will not optimise the call away.
        void * (* volatile memset_volatile)(void *, int, size_t) = memset;

I think I like "explicit_memset" better than "memset_volatile" as the
function name.

--apb (Alan Barrett)

Home | Main Index | Thread Index | Old Index