RTEMS | cpukit/libcrypt: Add SHA3-512 Keccak Implementation (!687)
Wayne Thornton (@wmthornton-dev)
gitlab at rtems.org
Thu Sep 4 22:39:58 UTC 2025
Wayne Thornton commented on a discussion on cpukit/include/crypt.h: https://gitlab.rtems.org/rtems/rtos/rtems/-/merge_requests/687#note_130061
> +/* Code to re-introduce the C11 memset_s function
> +* which is missing from the RTEMS C11 compiler but which
> +* is used in the libcrypt functions to securely erase
> +* sensitive data after use. Since the C11 memset_s
> +* function is not available we provide our own implementation
> +* here. Should the RTEMS C library ever provide
> +* a conforming memset_s function this code can be removed.
> +*/
> +static inline void memset_s_rtems(void *s, size_t n) {
> + volatile unsigned char *p = (volatile unsigned char *)s;
> + while (n--) {
> + *p++ = 0;
> + }
> +}
> +
> +static inline void explicit_bzero_rtems (void *s, size_t len)
@joel memset() by itself tends to be optimized away by the compiler which runs the risk of leaving intermediate strings within memory, which could be accessed by outside attackers. By calling the memset_s() function, we force the compiler to leave it in. That being said, I understand your comment that the implementation is inefficient, and perhaps it could be written better. I'll take a look at that.
@gedare I'll take a look at this option and see what works.
--
View it on GitLab: https://gitlab.rtems.org/rtems/rtos/rtems/-/merge_requests/687#note_130061
You're receiving this email because of your account on gitlab.rtems.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/bugs/attachments/20250904/c157e197/attachment-0001.htm>
More information about the bugs
mailing list