lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Merge pull request #8144 from daverodgman/zeroize-stronger

Browse Source 
Add more protection to mbedtls_platform_zeroize
This commit is contained in:
Dave Rodgman
2023-09-02 10:59:12 +01:00
committed by GitHub
parent 16a76721b6 fe55320b5c
commit 662c497395
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
library/platform_util.c
View File

@ -125,6 +125,26 @@ void mbedtls_platform_zeroize(void *buf, size_t len)
SecureZeroMemory(buf, len); SecureZeroMemory(buf, len);
#else #else
memset_func(buf, 0, len); memset_func(buf, 0, len);
#endif
#if defined(__GNUC__)
/* For clang and recent gcc, pretend that we have some assembly that reads the
* zero'd memory as an additional protection against being optimised away. */
#if defined(__clang__) || (__GNUC__ >= 10)
#if defined(__clang__)
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wvla"
#elif defined(MBEDTLS_COMPILER_IS_GCC)
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wvla"
#endif
asm volatile ("" : : "m" (*(char (*)[len]) buf) :);
#if defined(__clang__)
#pragma clang diagnostic pop
#elif defined(MBEDTLS_COMPILER_IS_GCC)
#pragma GCC diagnostic pop
#endif
#endif
#endif #endif
} }
} }