Skip to content

Commit

Permalink
GH102: Extra volatile avoids GCC bug
Browse files Browse the repository at this point in the history 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  • Loading branch information
@richsalz
richsalz authored and Rich Salz committed Jan 31, 2016
1 parent 9716b0b commit 769adcf
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 2 deletions.
4 changes: 3 additions & 1 deletion crypto/cryptlib.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -465,7 +465,9 @@ void OpenSSLDie(const char *file, int line, const char *assertion)
#endif
}

int CRYPTO_memcmp(const volatile void *in_a, const volatile void *in_b, size_t len)
int CRYPTO_memcmp(const volatile void * volatile in_a,
const volatile void * volatile in_b,
size_t len)
{
size_t i;
const volatile unsigned char *a = in_a;
Expand Down
4 changes: 3 additions & 1 deletion include/openssl/crypto.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -542,7 +542,9 @@ int OPENSSL_gmtime_diff(int *pday, int *psec,
* into a defined order as the return value when a != b is undefined, other
* than to be non-zero.
*/
int CRYPTO_memcmp(const volatile void *a, const volatile void *b, size_t len);
int CRYPTO_memcmp(const volatile void * volatile in_a,
const volatile void * volatile in_b,
size_t len);

/* BEGIN ERROR CODES */
/*
Expand Down

3 comments on commit 769adcf

@Dmitry-Me
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This code needs a ton of comments explaining why each volatile is there and how it helps. Otherwise it's just magic which will be broken by the next magician.

@nicowilliams
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

 * We need the pointer arguments to be pointers to volatile objects to disable
 * optimizations that can render this non-constant-time.  Making the pointer
 * arguments themselves volatile works around a bug in some versions of GCC.

I don't think the comments need to go into a spec-quoting analysis of why volatile though. The above should more than suffice.

@Dmitry-Me
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I submitted #606

Please sign in to comment.