tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: crypto_memset (was: Re: Zero it if you're going to copy it out.)
On Tue, 26 Jun 2012, Matthias Drochner wrote:
BTW, did we get the {crypto,safe,secure}:
_memset: not optimized by compiler away,
_memcmp: constant-time memcmp for a given size
I have an implementation of explicit_bzero in my tree.
The name is from OpenBSD. It certainly makes sense to
use a bzero-like API because there is no need to carry
the '0' fill pattern around.
Didn't commit because someone suggested to use memset_s
(from C1x Annex K).
I have an implementation of memset_s. It's fairly intrusive, in
that several header files need extra declarations for strange
types, and I haven't implemented the constraint handler callbacks.
It's easy to usae volatile pointers to define functions that will
not be optinmised away. For example (from a message I sent in
Febroary 2012):
/*
* memset_volatile is a volatile pointer to the memset function.
* You can call (*memset_volatile)(buf, val, len) or even
* memset_volatile(buf, val, len) just as you would call
* memset(buf, val, len), but the use of a volatile pointer
* guarantees that the compiler will not optimise the call away.
*/
void * (* volatile memset_volatile)(void *, int, size_t) = memset;
I think I like "explicit_memset" better than "memset_volatile" as the
function name.
--apb (Alan Barrett)
Home |
Main Index |
Thread Index |
Old Index