Example 1 - avoid optimizing out stack variable clearing by using an __attribute__

isle2983 · isle2983 · commit 72c0ebbea413 · 2017-01-29T14:46:57.000-07:00
diff --git a/src/ecmult_gen_impl.h b/src/ecmult_gen_impl.h
@@ -150,7 +150,7 @@ static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context *ctx, secp25
         secp256k1_ge_from_storage(&add, &adds);
         secp256k1_gej_add_ge(r, r, &add);
     }
-    bits = 0;
+    secp256k1_int_clear(&bits);
     secp256k1_ge_clear(&add);
     secp256k1_scalar_clear(&gnb);
 }
diff --git a/src/group_impl.h b/src/group_impl.h
@@ -7,6 +7,7 @@
 #ifndef _SECP256K1_GROUP_IMPL_H_
 #define _SECP256K1_GROUP_IMPL_H_
 
+#include <string.h>
 #include "num.h"
 #include "field.h"
 #include "group.h"
@@ -213,6 +214,14 @@ static void secp256k1_ge_clear(secp256k1_ge *r) {
     secp256k1_fe_clear(&r->y);
 }
 
+static void __attribute__((optimize("O0"))) secp256k1_secure_clear(void *s, size_t n) {
+    (void) memset(s, 0, n);
+}
+
+static void secp256k1_int_clear(int *r) {
+    secp256k1_secure_clear(r, sizeof(*r));
+}
+
 static int secp256k1_ge_set_xquad(secp256k1_ge *r, const secp256k1_fe *x) {
     secp256k1_fe x2, x3, c;
     r->x = *x;

Original file line number	Diff line number	Diff line change
`@@ -150,7 +150,7 @@ static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context *ctx, secp25`
`150`	`150`	`secp256k1_ge_from_storage(&add, &adds);`
`151`	`151`	`secp256k1_gej_add_ge(r, r, &add);`
`152`	`152`	`}`
`153`		`- bits = 0;`
	`153`	`+ secp256k1_int_clear(&bits);`
`154`	`154`	`secp256k1_ge_clear(&add);`
`155`	`155`	`secp256k1_scalar_clear(&gnb);`
`156`	`156`	`}`