tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Adding memset_s function

On Fri, 24 Feb 2012, Alan Barrett wrote:
For some time now, I have wanted a function to zero a block of memory, with a guarantee that the compiler will not optimise it away and do nothing.

Regardless of whether or not we add memset_s, perhaps we should add something like this to libc:

         * memset_volatile is a volatile pointer to the memset function.
         * You can call (*memset_volatile)(buf, val, len) or even
         * memset_volatile(buf, val, len) just as you would call
         * memset(buf, val, len), but the use of a volatile pointer
         * guarantees that the compiler will not optimise the call away.
        void * (* volatile memset_volatile)(void *, int, size_t) = memset;

There are several places where we use memset(buf, 0, len) to clear a buffer that contains sensitive information (e.g. a password, or crypto key), and changing them to use memset_volatile(buf, 0, len) instead would ensure that the compiler does not optimise the calls away.

--apb (Alan Barrett)

Home | Main Index | Thread Index | Old Index