use asm memory barrier where supported

shikokuchuo · Jun 12, 2024 · 5e8c087 · 5e8c087
1 parent 7133383
commit 5e8c087
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 14 deletions.
diff --git a/DESCRIPTION b/DESCRIPTION
@@ -1,7 +1,7 @@
 Package: secretbase
 Type: Package
 Title: Cryptographic Hash and Extendable-Output Functions
-Version: 0.5.0.9001
+Version: 0.5.0.9002
 Description: Fast and memory-efficient streaming hash functions. Performs direct
     hashing of strings and raw vectors. Stream hashes files potentially larger
     than memory, as well as in-memory objects through R's serialization

diff --git a/NEWS.md b/NEWS.md
@@ -1,4 +1,4 @@
-# secretbase 0.5.0.9001 (development)
+# secretbase 0.5.0.9002 (development)
 
 * Adds base64 encoding and decoding.
 * `sha3()` restricts 'bit' argument to one of 224, 256, 384 or 512.

diff --git a/src/base.c b/src/base.c
@@ -31,23 +31,15 @@
 #include <stddef.h>
 #include <stdint.h>
 
-typedef uint32_t  mbedtls_ct_uint_t;
-
-#define MBEDTLS_HAVE_ASM
 #define MBEDTLS_BYTE_0(x) ((uint8_t) ((x)         & 0xff))
 #define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >>  8) & 0xff))
 #define MBEDTLS_BYTE_2(x) ((uint8_t) (((x) >> 16) & 0xff))
 
-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && (!defined(__ARMCC_VERSION) || \
-__ARMCC_VERSION >= 6000000)
-#define MBEDTLS_CT_ASM
-#endif
-
 #if !defined(MBEDTLS_CT_ASM)
-volatile mbedtls_ct_uint_t mbedtls_ct_zero = 0;
+volatile uint32_t mbedtls_ct_zero = 0;
 #endif
 
-static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x) {
+static inline uint32_t mbedtls_ct_compiler_opaque(uint32_t x) {
 #if defined(MBEDTLS_CT_ASM)
   asm volatile ("" : [x] "+r" (x) :);
   return x;

diff --git a/src/secret.c b/src/secret.c
@@ -214,12 +214,17 @@ static void mbedtls_sha3_finish(mbedtls_sha3_context *ctx, uint8_t *output, size
 
 // secretbase - internals ------------------------------------------------------
 
+#if !defined(MBEDTLS_CT_ASM)
 static void * (*const volatile secure_memset)(void *, int, size_t) = memset;
+#endif
 
 void clear_buffer(void *buf, size_t sz) {
-
+#ifdef MBEDTLS_CT_ASM
+  memset(buf, 0, sz);
+  asm volatile ("" ::: "memory");
+#else
   secure_memset(buf, 0, sz);
-  
+#endif
 }
 
 static void hash_bytes(R_outpstream_t stream, void *src, int len) {

diff --git a/src/secret.h b/src/secret.h
@@ -41,6 +41,11 @@
 #define SB_SIPH_SIZE 8
 #define SB_SKEY_SIZE 16
 
+#if defined(__GNUC__) && (!defined(__ARMCC_VERSION) || \
+__ARMCC_VERSION >= 6000000)
+#define MBEDTLS_CT_ASM
+#endif
+
 typedef struct mbedtls_sha3_context {
   uint64_t state[25];
   uint8_t index;