[gnutls-devel] GnuTLS | gnutls_memset: use explicit_bzero (d087db43)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Aug 8 15:08:54 CEST 2018


Nikos Mavrogiannopoulos commented on a discussion on lib/safe-memfuncs.c:

>   * This function will operate similarly to memset(), but will
>   * not be optimized out by the compiler.
>   *
> - * Returns: void.
> - *
>   * Since: 3.4.0
>   **/
>  void gnutls_memset(void *data, int c, size_t size)
>  {
> -	volatile unsigned volatile_zero = 0;
> +	volatile unsigned volatile_zero;
>  	volatile char *vdata = (volatile char*)data;
> +#ifdef HAVE_EXPLICIT_BZERO
> +	if (c == 0) {
> +		explicit_bzero(data, size);

According to manpage:
```
It differs from bzero() in that it guarantees that compiler optimizations will not remove the erase operation if the compiler deduces that the operation is "unnecessary".
```
Implementation wise it adds a barrier after memset().
https://code.woboq.org/userspace/glibc/string/explicit_bzero.c.html


-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/d087db43e07c9b9df115ae9467bede5fa796c302#note_93287236
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20180808/0a94e9cf/attachment-0001.html>


More information about the Gnutls-devel mailing list