Skip to content

LibCrypto: Build with -fzero-call-used-regs=used#26657

Open
LucasChollet wants to merge 1 commit intoSerenityOS:masterfrom
LucasChollet:zero-call-regs-2
Open

LibCrypto: Build with -fzero-call-used-regs=used#26657
LucasChollet wants to merge 1 commit intoSerenityOS:masterfrom
LucasChollet:zero-call-regs-2

Conversation

@LucasChollet
Copy link
Member

@LucasChollet LucasChollet commented Mar 11, 2026

By zeroing registers when returning from crypto functions, we prevent attackers from accessing sensitive information that could otherwise be left in these registers.

Note that we currently have no safety regarding the same kind of leakage but with stack or heap memory.

From some small experiments, the performance cost should be under 5%. This could probably be optimized by only applying it to the public API.

Before:
image

@LucasChollet LucasChollet requested a review from alimpfard as a code owner March 11, 2026 12:57
@github-actions github-actions bot added the 👀 pr-needs-review PR needs review from a maintainer or community member label Mar 11, 2026
@LucasChollet
LibCrypto: Build with -fzero-call-used-regs=used
c97aaad 
By zeroing registers when returning from crypto functions, we prevent
attackers from accessing sensitive information that could otherwise be
left in these registers.

Note that we currently have no safety regarding the same kind of
leakage but with stack or heap memory.

From some small experiments, the performance cost should be under 5%.
This could probably be optimized by only applying it to the public API.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alimpfard alimpfard Awaiting requested review from alimpfard alimpfard is a code owner

Assignees

No one assigned

Labels

👀 pr-needs-review PR needs review from a maintainer or community member

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@LucasChollet