memzero(): call the weak function after zeroing

A weak function cannot be inlined, but, even if it's a little bit
far-fetched, a compiler could add code taking different paths
according to the callee.

With a weak function called after the zeroing, we can be sure
that the zeroing has to happen.
Frank Denis 2017-07-16 00:48:59 +02:00
parent 30e8a2b231
commit 99f8c19a1b


@ -64,15 +64,11 @@ static unsigned char canary[CANARY_SIZE];
#ifdef HAVE_WEAK_SYMBOLS #ifdef HAVE_WEAK_SYMBOLS
__attribute__((weak)) void __attribute__((weak)) void
_sodium_memzero_as_a_weak_symbol_to_prevent_lto(void *const pnt, _sodium_dummy_symbol_to_prevent_memzero_lto(void *const pnt,
const size_t len) const size_t len)
{ {
unsigned char *pnt_ = (unsigned char *) pnt; (void) pnt;
size_t i = (size_t) 0U; (void) len;
while (i < len) {
pnt_[i++] = 0U;
}
} }
#endif #endif
@ -88,7 +84,13 @@ sodium_memzero(void *const pnt, const size_t len)
#elif defined(HAVE_EXPLICIT_BZERO) #elif defined(HAVE_EXPLICIT_BZERO)
explicit_bzero(pnt, len); explicit_bzero(pnt, len);
#elif HAVE_WEAK_SYMBOLS #elif HAVE_WEAK_SYMBOLS
_sodium_memzero_as_a_weak_symbol_to_prevent_lto(pnt, len); unsigned char *pnt_ = (unsigned char *) pnt;
size_t i = (size_t) 0U;
while (i < len) {
pnt_[i++] = 0U;
}
_sodium_dummy_symbol_to_prevent_memzero_lto(pnt, len);
#else #else
volatile unsigned char *volatile pnt_ = volatile unsigned char *volatile pnt_ =
(volatile unsigned char *volatile) pnt; (volatile unsigned char *volatile) pnt;
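Review bot: The new `HAVE_WEAK_SYMBOLS` branch of `sodium_memzero` zeroes through a plain, non-volatile `unsigned char *pnt_`, so the stores appear to survive only because the following call to `_sodium_dummy_symbol_to_prevent_memzero_lto(pnt, len)` is opaque to the optimizer, and nothing in the code records that dependency. An empty function whose body is just `(void) pnt; (void) len;` looks like dead code and invites someone to make it `static`, drop the `weak` attribute, or delete the call, any of which could let the zeroing be eliminated without warning. I would add a comment above the dummy's definition along the lines of `/* Intentionally empty and weak: the call after the zeroing loop must stay opaque so the stores are not treated as dead. Do not inline, make static, or remove. */`. Separately, the definition is guarded by `#ifdef HAVE_WEAK_SYMBOLS` while the call site uses `#elif HAVE_WEAK_SYMBOLS`, and testing the macro the same way in both places would keep them in step if it is ever defined as 0. The body of `sodium_memzero` starts and ends outside the hunk, so the other branches were not reviewed.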