From ac3cf7c20b7df97293de6f1286e1dce4e181ef58 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 31 Aug 2023 15:19:38 +0100 Subject: [PATCH 1/4] Add more protection to mbedtls_platform_zeroize Signed-off-by: Dave Rodgman --- library/platform_util.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/platform_util.c b/library/platform_util.c index 63b7c4152e..d4574f459e 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -125,6 +125,15 @@ void mbedtls_platform_zeroize(void *buf, size_t len) SecureZeroMemory(buf, len); #else memset_func(buf, 0, len); +#endif + +#if defined(__GNUC__) + /* For clang and gcc, pretend that we have some assembly that reads the + * zero'd memory as an additional protection against being optimised away. */ +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wvla" + asm volatile ("" : : "m" (*(char (*)[len]) buf) : ); +#pragma clang diagnostic pop #endif } } From ba67451562cdf5c7956d3063f9519018af54eb3c Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 1 Sep 2023 10:14:46 +0100 Subject: [PATCH 2/4] Fix gcc compile warnings Signed-off-by: Dave Rodgman --- library/platform_util.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/platform_util.c b/library/platform_util.c index d4574f459e..06c7820844 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -130,10 +130,19 @@ void mbedtls_platform_zeroize(void *buf, size_t len) #if defined(__GNUC__) /* For clang and gcc, pretend that we have some assembly that reads the * zero'd memory as an additional protection against being optimised away. */ +#if defined(__clang__) #pragma clang diagnostic push #pragma clang diagnostic ignored "-Wvla" +#elif defined(MBEDTLS_COMPILER_IS_GCC) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wvla" +#endif asm volatile ("" : : "m" (*(char (*)[len]) buf) : ); +#if defined(__clang__) #pragma clang diagnostic pop +#elif defined(MBEDTLS_COMPILER_IS_GCC) +#pragma GCC diagnostic pop +#endif #endif } } From 5f6060a1f3a5cd45ad5db71aec6974d16f478dd5 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 1 Sep 2023 11:00:58 +0100 Subject: [PATCH 3/4] Code style Signed-off-by: Dave Rodgman --- library/platform_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/platform_util.c b/library/platform_util.c index 06c7820844..cfd982e4d2 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -137,7 +137,7 @@ void mbedtls_platform_zeroize(void *buf, size_t len) #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wvla" #endif - asm volatile ("" : : "m" (*(char (*)[len]) buf) : ); + asm volatile ("" : : "m" (*(char (*)[len]) buf) :); #if defined(__clang__) #pragma clang diagnostic pop #elif defined(MBEDTLS_COMPILER_IS_GCC) From fe55320b5c5563ff8bc62a8eb64d681e8a26905e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 1 Sep 2023 11:15:28 +0100 Subject: [PATCH 4/4] Avoid error from old gcc version Signed-off-by: Dave Rodgman --- library/platform_util.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/platform_util.c b/library/platform_util.c index cfd982e4d2..09216edfbc 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -128,8 +128,9 @@ void mbedtls_platform_zeroize(void *buf, size_t len) #endif #if defined(__GNUC__) - /* For clang and gcc, pretend that we have some assembly that reads the + /* For clang and recent gcc, pretend that we have some assembly that reads the * zero'd memory as an additional protection against being optimised away. */ +#if defined(__clang__) || (__GNUC__ >= 10) #if defined(__clang__) #pragma clang diagnostic push #pragma clang diagnostic ignored "-Wvla" @@ -143,6 +144,7 @@ void mbedtls_platform_zeroize(void *buf, size_t len) #elif defined(MBEDTLS_COMPILER_IS_GCC) #pragma GCC diagnostic pop #endif +#endif #endif } }