kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit 045beb86222202e382320cdff6ce7ed332dfd7b0
parent 722a0eca215aa9cb9f0487643fa303832810042c
Author: Joris Vink <joris@coders.se>
Date:   Fri, 18 Feb 2022 11:13:01 +0100

add kore_mem_zero().

use it in places explicit_bzero() used to be called.

The kore_mem_zero() is a best effort to try and let the compiler
not optimize the code away. Highly platform dependent.

Diffstat:
include/kore/kore.h | 1+
src/mem.c | 14++++++++++++++
src/sha1.c | 3++-
src/sha2.c | 7++++---
4 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/include/kore/kore.h b/include/kore/kore.h @@ -909,6 +909,7 @@ void kore_mem_init(void); void kore_mem_cleanup(void); void kore_mem_untag(void *); void *kore_mem_lookup(u_int32_t); +void kore_mem_zero(void *, size_t); void kore_mem_tag(void *, u_int32_t); void *kore_malloc_tagged(size_t, u_int32_t); diff --git a/src/mem.c b/src/mem.c @@ -264,6 +264,20 @@ kore_mem_lookup(u_int32_t id) return (NULL); } +/* Best effort to try and let the compiler not optimize this call away. */ +void +kore_mem_zero(void *ptr, size_t len) +{ + volatile char *p; + + p = (volatile char *)ptr; + + if (p != NULL) { + while (len-- > 0) + *(p)++ = 0x00; + } +} + static size_t memblock_index(size_t len) { diff --git a/src/sha1.c b/src/sha1.c @@ -17,6 +17,7 @@ #include <sys/types.h> #include <string.h> +#include "kore.h" #include "sha1.h" #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) @@ -167,5 +168,5 @@ SHA1Final(u_int8_t digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context) ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); } - //explicit_bzero(context, sizeof(*context)); + kore_mem_zero(context, sizeof(*context)); } diff --git a/src/sha2.c b/src/sha2.c @@ -45,6 +45,7 @@ #include <endian.h> #endif +#include "kore.h" #include "sha2.h" /* @@ -551,7 +552,7 @@ SHA256Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *context) #else memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH); #endif - //explicit_bzero(context, sizeof(*context)); + kore_mem_zero(context, sizeof(*context)); } @@ -827,7 +828,7 @@ SHA512Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *context) #else memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH); #endif - //explicit_bzero(context, sizeof(*context)); + kore_mem_zero(context, sizeof(*context)); } /*** SHA-384: *********************************************************/ @@ -874,5 +875,5 @@ SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context) memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH); #endif /* Zero out state data */ - //explicit_bzero(context, sizeof(*context)); + kore_mem_zero(context, sizeof(*context)); }