Re: [PATCH] sha: prevent removal of memset as dead store in sha1_update()

From: Roel Kluin
Date: Thu Feb 25 2010 - 15:43:34 EST

Next message: William Allen Simpson: "[PATCH v5 3/7] tcp: harmonize tcp_vx_rcv header length assumptions"
Previous message: Ben Hutchings: "Re: [PATCH 0/7] tcp: bugs and cleanup for 2.6.33"
In reply to: Roel Kluin: "Re: [PATCH] sha: prevent removal of memset as dead store in sha1_update()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Also from that document:
>
> If you know how large the accessed memory is, you can add it as input or
> output but if this is not known, you should add memory. As an example, if
> you access ten bytes of a string, you can use a memory input like:
>
> {"m"( ({ struct { char x[10]; } *p = (void *)ptr ; *p; }) )}.
>
> does this mean we could use something like:
>
> #define SECURE_BZERO(x) do { \
> memset(x, 0, sizeof(x)); \
> asm("" : :"m"( ({ struct { char __y[ARRAY_SIZE(x)]; } *__z = \
> (void *)x ; *__z; }) )); \
> } while(0)

or rather for not just char arrays:

#define SECURE_BZERO(x) do { \
memset(x, 0, sizeof(x)); \
asm("" :: "m" ( ({ \
struct { \
typeof(x[0]) __y[ARRAY_SIZE(x)];\
} *__z = (void *)x; \
*__z; \
}) )); \
} while(0)

This appears to work in my testcase:
---
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define SECURE 1

#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))

#define SECURE_BZERO(x) do { \
memset(x, 0, sizeof(x)); \
asm("" :: "m" ( ({ \
struct { \
typeof(x[0]) __y[ARRAY_SIZE(x)];\
} *__z = (void *)x; \
*__z; \
}) )); \
} while(0)

void foo()
{
char password[] = "secret";
password[0]='S';
printf ("Don't show again: %s\n", password);
#if SECURE == 1
SECURE_BZERO(password);
#else
memset(password, 0, sizeof(password));
#endif
}

void foo1()
{
int nrs[] = {1,1,2,3,4,5,6,7};
nrs[0] = 0;
int i = 8;
printf ("Don't show again:\n");
while (i--)
printf ("%u\n", nrs[i]);
#if SECURE == 1
SECURE_BZERO(nrs);
#else
memset(nrs, 0, sizeof(nrs));
#endif
}

int main(int argc, char* argv[])
{

foo();
int i;
char foo3[] = "";
char* bar = &foo3[0];
for (i = -50; i < 50; i++)
printf ("%c.", bar[i]);
printf("\n\n");

foo1();
int foo4 = 20;
int* ber = &foo4;
for (i = -50; i < 50; i++)
printf ("%u_", ber[i]);
printf("\n");
return 0;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: William Allen Simpson: "[PATCH v5 3/7] tcp: harmonize tcp_vx_rcv header length assumptions"
Previous message: Ben Hutchings: "Re: [PATCH 0/7] tcp: bugs and cleanup for 2.6.33"
In reply to: Roel Kluin: "Re: [PATCH] sha: prevent removal of memset as dead store in sha1_update()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]