lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4B86E0EA.5080102@gmail.com>
Date:	Thu, 25 Feb 2010 21:43:22 +0100
From:	Roel Kluin <roel.kluin@...il.com>
To:	Roel Kluin <roel.kluin@...il.com>
CC:	Brian Gerst <brgerst@...il.com>,
	Mikael Pettersson <mikpe@...uu.se>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	"David S. Miller" <davem@...emloft.net>,
	linux-crypto@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] sha: prevent removal of memset as dead store in 	sha1_update()

> Also from that document:
> 
> If you know how large the accessed memory is, you can add it as input or
> output but if this is not known, you should add memory. As an example, if
> you access ten bytes of a string, you can use a memory input like:
> 
>      {"m"( ({ struct { char x[10]; } *p = (void *)ptr ; *p; }) )}.
> 
> does this mean we could use something like:
> 
> #define SECURE_BZERO(x) do {                                            \
>         memset(x, 0, sizeof(x));                                        \
>         asm("" : :"m"( ({ struct { char __y[ARRAY_SIZE(x)]; } *__z =    \
>                                         (void *)x ; *__z; }) ));        \
> } while(0)

or rather for not just char arrays:

#define SECURE_BZERO(x) do {                                    \
        memset(x, 0, sizeof(x));                                \
        asm("" :: "m" ( ({                                      \
                        struct {                                \
                                typeof(x[0]) __y[ARRAY_SIZE(x)];\
                        } *__z = (void *)x;                     \
                        *__z;                                   \
                }) ));                                          \
} while(0)

This appears to work in my testcase:
---
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define SECURE 1

#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))

#define SECURE_BZERO(x) do {					\
	memset(x, 0, sizeof(x));				\
	asm("" :: "m" ( ({					\
			struct {				\
				typeof(x[0]) __y[ARRAY_SIZE(x)];\
			} *__z = (void *)x;			\
			*__z;					\
		}) ));						\
} while(0)

void foo()
{
	char password[] = "secret";
	password[0]='S';
	printf ("Don't show again: %s\n", password);
#if SECURE == 1
	SECURE_BZERO(password);
#else
	memset(password, 0, sizeof(password));
#endif
}

void foo1()
{
	int nrs[] = {1,1,2,3,4,5,6,7};
	nrs[0] = 0;
	int i = 8;
	printf ("Don't show again:\n");
	while (i--)
		printf ("%u\n", nrs[i]);
#if SECURE == 1
	SECURE_BZERO(nrs);
#else
	memset(nrs, 0, sizeof(nrs));
#endif
}

int main(int argc, char* argv[])
{

	foo();
	int i;
	char foo3[] = "";
	char* bar = &foo3[0];
	for (i = -50; i < 50; i++)
		printf ("%c.", bar[i]);
	printf("\n\n");

	foo1();
	int foo4 = 20;
	int* ber = &foo4;
	for (i = -50; i < 50; i++)
		printf ("%u_", ber[i]);
	printf("\n");
	return 0;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ