From d1cf6d68cc700c6b839787a0c520bcd9106f962f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 13:42:44 +0100 Subject: [PATCH] Prevent clever optimization to prematurely quit loop in safe memcmp The previous version of `ssl_safer_memcmp` did not qualify the pointers to the arrays to be compared as volatile, theoretically opening the possibility for the compiler to notice that the loop operation `diff |= A[i] ^ B[i]` is pointless if `diff = -1`. This commit changes this. It also declares the stack variable `diff` as volatile, to force read and write in every loop; omitting that, the compiler would still be allowed to get away with reading `A[i]` and `B[i]` but not doing the XOR and not updating `diff`. --- include/polarssl/ssl.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 4a01bbf4c8..3a0ac12d2a 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -2053,9 +2053,9 @@ int ssl_check_cert_usage( const x509_crt *cert, static inline int safer_memcmp( const void *a, const void *b, size_t n ) { size_t i; - const unsigned char *A = (const unsigned char *) a; - const unsigned char *B = (const unsigned char *) b; - unsigned char diff = 0; + volatile const unsigned char *A = (volatile const unsigned char *) a; + volatile const unsigned char *B = (volatile const unsigned char *) b; + volatile unsigned char diff = 0; for( i = 0; i < n; i++ ) diff |= A[i] ^ B[i];