From: Roel Kluin <roel.kluin@gmail.com>
To: Roel Kluin <roel.kluin@gmail.com>
Cc: Brian Gerst <brgerst@gmail.com>,
Mikael Pettersson <mikpe@it.uu.se>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
linux-crypto@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] sha: prevent removal of memset as dead store in sha1_update()
Date: Thu, 25 Feb 2010 21:43:22 +0100 [thread overview]
Message-ID: <4B86E0EA.5080102@gmail.com> (raw)
In-Reply-To: <4B86D3E4.4000205@gmail.com>
> Also from that document:
>
> If you know how large the accessed memory is, you can add it as input or
> output but if this is not known, you should add memory. As an example, if
> you access ten bytes of a string, you can use a memory input like:
>
> {"m"( ({ struct { char x[10]; } *p = (void *)ptr ; *p; }) )}.
>
> does this mean we could use something like:
>
> #define SECURE_BZERO(x) do { \
> memset(x, 0, sizeof(x)); \
> asm("" : :"m"( ({ struct { char __y[ARRAY_SIZE(x)]; } *__z = \
> (void *)x ; *__z; }) )); \
> } while(0)
or rather for not just char arrays:
#define SECURE_BZERO(x) do { \
memset(x, 0, sizeof(x)); \
asm("" :: "m" ( ({ \
struct { \
typeof(x[0]) __y[ARRAY_SIZE(x)];\
} *__z = (void *)x; \
*__z; \
}) )); \
} while(0)
This appears to work in my testcase:
---
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#define SECURE 1
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
#define SECURE_BZERO(x) do { \
memset(x, 0, sizeof(x)); \
asm("" :: "m" ( ({ \
struct { \
typeof(x[0]) __y[ARRAY_SIZE(x)];\
} *__z = (void *)x; \
*__z; \
}) )); \
} while(0)
void foo()
{
char password[] = "secret";
password[0]='S';
printf ("Don't show again: %s\n", password);
#if SECURE == 1
SECURE_BZERO(password);
#else
memset(password, 0, sizeof(password));
#endif
}
void foo1()
{
int nrs[] = {1,1,2,3,4,5,6,7};
nrs[0] = 0;
int i = 8;
printf ("Don't show again:\n");
while (i--)
printf ("%u\n", nrs[i]);
#if SECURE == 1
SECURE_BZERO(nrs);
#else
memset(nrs, 0, sizeof(nrs));
#endif
}
int main(int argc, char* argv[])
{
foo();
int i;
char foo3[] = "";
char* bar = &foo3[0];
for (i = -50; i < 50; i++)
printf ("%c.", bar[i]);
printf("\n\n");
foo1();
int foo4 = 20;
int* ber = &foo4;
for (i = -50; i < 50; i++)
printf ("%u_", ber[i]);
printf("\n");
return 0;
}
prev parent reply other threads:[~2010-02-25 20:43 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-25 15:10 [PATCH] sha: prevent removal of memset as dead store in sha1_update() Roel Kluin
2010-02-25 15:17 ` David Miller
2010-02-25 15:31 ` roel kluin
2010-02-25 15:37 ` David Miller
2010-02-26 11:55 ` Andi Kleen
2010-02-26 14:20 ` Mikael Pettersson
2010-02-26 15:46 ` Mikael Pettersson
2010-02-26 15:55 ` Andi Kleen
2010-02-25 15:56 ` Mikael Pettersson
2010-02-25 16:16 ` Pekka Enberg
2010-02-25 16:29 ` Mikael Pettersson
2010-02-25 16:33 ` roel kluin
2010-02-25 17:06 ` roel kluin
2010-02-25 16:33 ` Brian Gerst
2010-02-25 17:09 ` Mikael Pettersson
2010-02-25 17:32 ` Brian Gerst
2010-02-25 19:47 ` Roel Kluin
2010-02-25 20:43 ` Roel Kluin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B86E0EA.5080102@gmail.com \
--to=roel.kluin@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=brgerst@gmail.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mikpe@it.uu.se \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).