> Also from that document:
>
> If you know how large the accessed memory is, you can add it as input or
> output but if this is not known, you should add memory. As an example, if
> you access ten bytes of a string, you can use a memory input like:
>
> {"m"( ({ struct { char x[10]; } *p = (void *)ptr ; *p; }) )}.
>
> does this mean we could use something like:
>
> #define SECURE_BZERO(x) do { \
> memset(x, 0, sizeof(x)); \
> asm("" : :"m"( ({ struct { char __y[ARRAY_SIZE(x)]; } *__z = \
> (void *)x ; *__z; }) )); \
> } while(0)
or rather for not just char arrays:
#define SECURE_BZERO(x) do { \
memset(x, 0, sizeof(x)); \
asm("" :: "m" ( ({ \
struct { \
typeof(x[0]) __y[ARRAY_SIZE(x)];\
} *__z = (void *)x; \
*__z; \
}) )); \
} while(0)
This appears to work in my testcase:
---
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#define SECURE 1
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
#define SECURE_BZERO(x) do { \
memset(x, 0, sizeof(x)); \
asm("" :: "m" ( ({ \
struct { \
typeof(x[0]) __y[ARRAY_SIZE(x)];\
} *__z = (void *)x; \
*__z; \
}) )); \
} while(0)
void foo()
{
char password[] = "secret";
password[0]='S';
printf ("Don't show again: %s\n", password);
#if SECURE == 1
SECURE_BZERO(password);
#else
memset(password, 0, sizeof(password));
#endif
}
void foo1()
{
int nrs[] = {1,1,2,3,4,5,6,7};
nrs[0] = 0;
int i = 8;
printf ("Don't show again:\n");
while (i--)
printf ("%u\n", nrs[i]);
#if SECURE == 1
SECURE_BZERO(nrs);
#else
memset(nrs, 0, sizeof(nrs));
#endif
}
int main(int argc, char* argv[])
{
foo();
int i;
char foo3[] = "";
char* bar = &foo3[0];
for (i = -50; i < 50; i++)
printf ("%c.", bar[i]);
printf("\n\n");
foo1();
int foo4 = 20;
int* ber = &foo4;
for (i = -50; i < 50; i++)
printf ("%u_", ber[i]);
printf("\n");
return 0;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
