Re: crypto_memset (was: Re: Zero it if you're going to copy it out.)

[Alan Barrett <apb%cequrux.com@localhost>]

On Tue, 26 Jun 2012, Matthias Drochner wrote:
> > BTW, did we get the {crypto,safe,secure}:
> > _memset: not optimized by compiler away,
> > _memcmp: constant-time memcmp for a given size
>
> I have an implementation of explicit_bzero in my tree.
> The name is from OpenBSD. It certainly makes sense to
> use a bzero-like API because there is no need to carry
> the '0' fill pattern around.
> Didn't commit because someone suggested to use memset_s
> (from C1x Annex K).

I have an implementation of memset_s.  It's fairly intrusive, in 
that several header files need extra declarations for strange 
types, and I haven't implemented the constraint handler callbacks.

It's easy to usae volatile pointers to define functions that will 
not be optinmised away.  For example (from a message I sent in 
Febroary 2012):

        /*
         * memset_volatile is a volatile pointer to the memset function.
         * You can call (*memset_volatile)(buf, val, len) or even
         * memset_volatile(buf, val, len) just as you would call
         * memset(buf, val, len), but the use of a volatile pointer
         * guarantees that the compiler will not optimise the call away.
         */
        void * (* volatile memset_volatile)(void *, int, size_t) = memset;

I think I like "explicit_memset" better than "memset_volatile" as the
function name.

--apb (Alan Barrett)