From eb507efba8e2333a284a2a79638f729bdc35c502 Mon Sep 17 00:00:00 2001 From: Dmitry-Me Date: Mon, 1 Feb 2016 11:48:28 +0300 Subject: [PATCH] Comment "secure memcmp" implementation Signed-off-by: Rich Salz Reviewed-by: Tim Hudson --- crypto/cryptlib.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index d31734068b..bd58d35757 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -465,6 +465,23 @@ void OpenSSLDie(const char *file, int line, const char *assertion) #endif } +/* volatile unsigned char* pointers are there because + * 1. Accessing a variable declared volatile via a pointer + * that lacks a volatile qualifier causes undefined behavior. + * 2. When the variable itself is not volatile the compiler is + * not required to keep all those reads and can convert + * this into canonical memcmp() which doesn't read the whole block. + * Pointers to volatile resolve the first problem fully. The second + * problem cannot be resolved in any Standard-compliant way but this + * works the problem around. Compilers typically react to + * pointers to volatile by preserving the reads and writes through them. + * The latter is not required by the Standard if the memory pointed to + * is not volatile. + * Pointers themselves are volatile in the function signature to work + * around a subtle bug in gcc 4.6+ which causes writes through + * pointers to volatile to not be emitted in some rare, + * never needed in real life, pieces of code. + */ int CRYPTO_memcmp(const volatile void * volatile in_a, const volatile void * volatile in_b, size_t len) -- 2.34.1