Re: Adding memset_s function

To: tech-userlevel%NetBSD.org@localhost
Subject: Re: Adding memset_s function
From: Alan Barrett <apb%cequrux.com@localhost>
Date: Sat, 25 Feb 2012 18:50:48 +0200

On Fri, 24 Feb 2012, Alan Barrett wrote:

For some time now, I have wanted a function to zero a block of memory,with a guarantee that the compiler will not optimise it away and donothing.

Regardless of whether or not we add memset_s, perhaps we shouldadd something like this to libc:


        /*
         * memset_volatile is a volatile pointer to the memset function.
         * You can call (*memset_volatile)(buf, val, len) or even
         * memset_volatile(buf, val, len) just as you would call
         * memset(buf, val, len), but the use of a volatile pointer
         * guarantees that the compiler will not optimise the call away.
         */
        void * (* volatile memset_volatile)(void *, int, size_t) = memset;

There are several places where we use memset(buf, 0, len) to cleara buffer that contains sensitive information (e.g. a password, orcrypto key), and changing them to use memset_volatile(buf, 0, len)instead would ensure that the compiler does not optimise the callsaway.


--apb (Alan Barrett)

References:
- Adding memset_s function
  - From: Alan Barrett

Prev by Date: Re: [6.0_BETA] cprng xxx: WARNING insufficient entropy at creation.
Next by Date: Re: [6.0_BETA] cprng xxx: WARNING insufficient entropy at creation.
Previous by Thread: Re: Adding memset_s function
Next by Thread: Re: 5.1 vs. 6.0_BETA
Indexes:

Home | Main Index | Thread Index | Old Index