From f6640a80f4be19e988fd7426c3f897f4d3f614e4 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Tue, 20 Aug 2013 06:52:03 +0200
Subject: Prevent zero-before-free operations from being optimized out

---
 src/fastd.h                    | 5 +++++
 src/method_aes128_gcm.c        | 2 +-
 src/method_xsalsa20_poly1305.c | 4 ++--
 src/protocol_ec25519_fhmqvc.c  | 2 +-
 4 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/fastd.h b/src/fastd.h
index 723b1e7..efd785a 100644
--- a/src/fastd.h
+++ b/src/fastd.h
@@ -497,4 +497,9 @@ static inline size_t min_size_t(size_t a, size_t b) {
 	return (a < b) ? a : b;
 }
 
+static inline void secure_memzero(void *s, size_t n) {
+	memset(s, 0, n);
+	asm volatile("" : : "m"(s));
+}
+
 #endif /* _FASTD_FASTD_H_ */
diff --git a/src/method_aes128_gcm.c b/src/method_aes128_gcm.c
index f392e2e..3670225 100644
--- a/src/method_aes128_gcm.c
+++ b/src/method_aes128_gcm.c
@@ -150,7 +150,7 @@ static void method_session_free(fastd_context_t *ctx, fastd_method_session_state
 		ctx->conf->crypto_aes128ctr->free_state(ctx, session->cstate_aes128ctr);
 		ctx->conf->crypto_ghash->free_state(ctx, session->cstate_ghash);
 
-		memset(session, 0, sizeof(fastd_method_session_state_t));
+		secure_memzero(session, sizeof(fastd_method_session_state_t));
 		free(session);
 	}
 }
diff --git a/src/method_xsalsa20_poly1305.c b/src/method_xsalsa20_poly1305.c
index 1e26247..9bcf5ed 100644
--- a/src/method_xsalsa20_poly1305.c
+++ b/src/method_xsalsa20_poly1305.c
@@ -131,7 +131,7 @@ static bool method_session_want_refresh(fastd_context_t *ctx, fastd_method_sessi
 
 static void method_session_free(fastd_context_t *ctx UNUSED, fastd_method_session_state_t *session) {
 	if(session) {
-		memset(session, 0, sizeof(fastd_method_session_state_t));
+		secure_memzero(session, sizeof(fastd_method_session_state_t));
 		free(session);
 	}
 }
@@ -180,7 +180,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
 		if (age > ctx->conf->reorder_count)
 			return false;
 	}
-	
+
 	fastd_buffer_pull_head(ctx, &in, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-NONCEBYTES);
 	memset(in.data, 0, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES);
 
diff --git a/src/protocol_ec25519_fhmqvc.c b/src/protocol_ec25519_fhmqvc.c
index b3bd8a5..b687a91 100644
--- a/src/protocol_ec25519_fhmqvc.c
+++ b/src/protocol_ec25519_fhmqvc.c
@@ -837,7 +837,7 @@ static void protocol_init_peer_state(fastd_context_t *ctx, fastd_peer_t *peer) {
 static void reset_session(fastd_context_t *ctx, protocol_session_t *session) {
 	if (session->method)
 		session->method->session_free(ctx, session->method_state);
-	memset(session, 0, sizeof(protocol_session_t));
+	secure_memzero(session, sizeof(protocol_session_t));
 }
 
 static void protocol_reset_peer_state(fastd_context_t *ctx, fastd_peer_t *peer) {
-- 
cgit v1.2.3