]> iEval git - authen-passphrase-scrypt.git/blame_incremental - scrypt-1.2.1/libcperciva/util/insecure_memzero.h
Bump version and update Changes
[authen-passphrase-scrypt.git] / scrypt-1.2.1 / libcperciva / util / insecure_memzero.h
... / ...
CommitLineData
1#ifndef _INSECURE_MEMZERO_H_
2#define _INSECURE_MEMZERO_H_
3
4#include <stddef.h>
5
6/* Pointer to memory-zeroing function. */
7extern void (* volatile insecure_memzero_ptr)(volatile void *, size_t);
8
9/**
10 * insecure_memzero(buf, len):
11 * Attempt to zero ${len} bytes at ${buf} in spite of optimizing compilers'
12 * best (standards-compliant) attempts to remove the buffer-zeroing. In
13 * particular, to avoid performing the zeroing, a compiler would need to
14 * use optimistic devirtualization; recognize that non-volatile objects do not
15 * need to be treated as volatile, even if they are accessed via volatile
16 * qualified pointers; and perform link-time optimization; in addition to the
17 * dead-code elimination which often causes buffer-zeroing to be elided.
18 *
19 * Note however that zeroing a buffer does not guarantee that the data held
20 * in the buffer is not stored elsewhere; in particular, there may be copies
21 * held in CPU registers or in anonymous allocations on the stack, even if
22 * every named variable is successfully sanitized. Solving the "wipe data
23 * from the system" problem will require a C language extension which does not
24 * yet exist.
25 *
26 * For more information, see:
27 * http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html
28 * http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html
29 */
30static inline void
31insecure_memzero(volatile void * buf, size_t len)
32{
33
34 (insecure_memzero_ptr)(buf, len);
35}
36
37#endif /* !_INSECURE_MEMZERO_H_ */
This page took 0.021673 seconds and 4 git commands to generate.