Re: Avoiding stack buffer clear being optimised out

[Jonathan Wakely <jwakely.gcc@gmail.com>]

On Wed, 30 Nov 2022 at 16:27, Jonny Grant <jg@jguk.org> wrote:
>
> Hello
>
> Does GCC have a clear way to avoid memset being compiled out by optimiser?
>
> This article came up, so I combined the broken.c with GCC
> gcc -Wall -O2 -o broken broken.c
>
> Note, I've been using gcc for many years, I'm not looking for just tips how to compile code. I only want to discuss this optimiser issue :-)
>
> https://blog.cloudflare.com/the-linux-kernel-key-retention-service-and-why-you-should-use-it-in-your-next-application/
>
> If I modify to clear the buffer, it gets removed by the compiler
>
> The only way I could get it to not remove the memset is by adding another printf, (propagating a return code after checking memset wasn't enough)

This is simpler and works for me, but I'm not sure if it's guaranteed
to always work:

__attribute__((noinline,noipa))
void wipe(void* p, size_t n)
{
  memset(p, 0, n);
}

static int encrypt(void)
{
    uint8_t key[] = "hunter2";
    printf("encrypting with super secret key: %s\n", key);
    wipe(key, 8);
}

There is discussion of alternatives in
https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1358.pdf (starting
on page 6).

The memset_s function was added to C in Annex K, but most
implementations of the C library do not support Annex K.