-
Notifications
You must be signed in to change notification settings - Fork 1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update the function with good practices
Signed-off-by: Harshil Jani <[email protected]>
- Loading branch information
1 parent
27674f4
commit 51ff9bd
Showing
4 changed files
with
29 additions
and
24 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -71,3 +71,32 @@ static void print_hex(unsigned char* data, size_t size) { | |
} | ||
printf("\n"); | ||
} | ||
|
||
#if defined(_MSC_VER) | ||
// For SecureZeroMemory | ||
#include <Windows.h> | ||
#endif | ||
/* Cleanses memory to prevent leaking sensitive info. Won't be optimized out. */ | ||
static SECP256K1_INLINE void secure_erase(void *ptr, size_t len) { | ||
#if defined(_MSC_VER) | ||
/* SecureZeroMemory is guaranteed not to be optimized out by MSVC. */ | ||
SecureZeroMemory(ptr, len); | ||
#elif defined(__GNUC__) | ||
/* We use a memory barrier that scares the compiler away from optimizing out the memset. | ||
* | ||
* Quoting Adam Langley <[email protected]> in commit ad1907fe73334d6c696c8539646c21b11178f20f | ||
* in BoringSSL (ISC License): | ||
* As best as we can tell, this is sufficient to break any optimisations that | ||
* might try to eliminate "superfluous" memsets. | ||
* This method used in memzero_explicit() the Linux kernel, too. Its advantage is that it is | ||
* pretty efficient, because the compiler can still implement the memset() efficently, | ||
* just not remove it entirely. See "Dead Store Elimination (Still) Considered Harmful" by | ||
* Yang et al. (USENIX Security 2017) for more background. | ||
*/ | ||
memset(ptr, 0, len); | ||
__asm__ __volatile__("" : : "r"(ptr) : "memory"); | ||
#else | ||
void *(*volatile const volatile_memset)(void *, int, size_t) = memset; | ||
volatile_memset(ptr, 0, len); | ||
#endif | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters