> Also from that document: > > If you know how large the accessed memory is, you can add it as input or > output but if this is not known, you should add memory. As an example, if > you access ten bytes of a string, you can use a memory input like: > > {"m"( ({ struct { char x[10]; } *p = (void *)ptr ; *p; }) )}. > > does this mean we could use something like: > > #define SECURE_BZERO(x) do { \ > memset(x, 0, sizeof(x)); \ > asm("" : :"m"( ({ struct { char __y[ARRAY_SIZE(x)]; } *__z = \ > (void *)x ; *__z; }) )); \ > } while(0) or rather for not just char arrays: #define SECURE_BZERO(x) do { \ memset(x, 0, sizeof(x)); \ asm("" :: "m" ( ({ \ struct { \ typeof(x[0]) __y[ARRAY_SIZE(x)];\ } *__z = (void *)x; \ *__z; \ }) )); \ } while(0) This appears to work in my testcase: --- #include <stdio.h> #include <string.h> #include <stdlib.h> #define SECURE 1 #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) #define SECURE_BZERO(x) do { \ memset(x, 0, sizeof(x)); \ asm("" :: "m" ( ({ \ struct { \ typeof(x[0]) __y[ARRAY_SIZE(x)];\ } *__z = (void *)x; \ *__z; \ }) )); \ } while(0) void foo() { char password[] = "secret"; password[0]='S'; printf ("Don't show again: %s\n", password); #if SECURE == 1 SECURE_BZERO(password); #else memset(password, 0, sizeof(password)); #endif } void foo1() { int nrs[] = {1,1,2,3,4,5,6,7}; nrs[0] = 0; int i = 8; printf ("Don't show again:\n"); while (i--) printf ("%u\n", nrs[i]); #if SECURE == 1 SECURE_BZERO(nrs); #else memset(nrs, 0, sizeof(nrs)); #endif } int main(int argc, char* argv[]) { foo(); int i; char foo3[] = ""; char* bar = &foo3[0]; for (i = -50; i < 50; i++) printf ("%c.", bar[i]); printf("\n\n"); foo1(); int foo4 = 20; int* ber = &foo4; for (i = -50; i < 50; i++) printf ("%u_", ber[i]); printf("\n"); return 0; } -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html