!168 使用memset代替explicit_bzero，并消除memset和free一起使用的编译优化

From: @zhengxiaoxiaoGitee 
Reviewed-by: @houmingyong 
Signed-off-by: @houmingyong

backport-memset-no-optimize.patch

@@ -0,0 +1,58 @@
+From c15207d44281663b32ad4a8ede998dd4c7bda6fd Mon Sep 17 00:00:00 2001
+From: zhengxiaoxiao <zhengxiaoxiao2@huawei.com>
+Date: Thu, 14 Mar 2024 20:20:34 +0800
+Subject: [PATCH] memset no optimize
+
+Reference:https://gitee.com/openeuler/secGear/commit/c0997efc6a69d465b286347285cb1508a9d9c24b
+Conflict:NA
+---
+ src/enclave_src/gp/itrustee/itrustee_seal_data.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/src/enclave_src/gp/itrustee/itrustee_seal_data.c b/src/enclave_src/gp/itrustee/itrustee_seal_data.c
+index b074d6f..e23cb1e 100644
+--- a/src/enclave_src/gp/itrustee/itrustee_seal_data.c
++++ b/src/enclave_src/gp/itrustee/itrustee_seal_data.c
+@@ -15,6 +15,13 @@
+ #include "tee_crypto_api.h"
+ #include "dataseal_internal.h"
+ #include "tee_trusted_storage.h"
++
++#define CC_OPTIMIZE_OFF __attribute__((optimize("O0")))
++CC_OPTIMIZE_OFF static void *memset_no_optimize(void *ptr, int value, size_t num)
++{
++    memset(ptr, 0, num);
++}
++
+ uint32_t get_sealed_data_size_ex(uint32_t seal_data_len, uint32_t aad_len)
+ {
+     if (UINT32_MAX - aad_len <= seal_data_len) {
+@@ -139,13 +146,13 @@ TEE_Result itrustee_seal_data(uint8_t *seal_data, uint32_t seal_data_len, void *
+     result = data_copy(tmp_sealed_data, salt, nonce, mac_data, mac_data_len);
+ 
+ error0:
+-    memset(nonce, 0, SEAL_DATA_NONCE_LEN);
++    memset_no_optimize(nonce, 0, SEAL_DATA_NONCE_LEN);
+     TEE_Free(nonce);
+ error1:
+-    memset(salt, 0, SEAL_KEY_SALT_LEN);
++    memset_no_optimize(salt, 0, SEAL_KEY_SALT_LEN);
+     TEE_Free(salt);
+ error2:
+-    memset(key_buf, 0, SEAL_KEY_LEN);
++    memset_no_optimize(key_buf, 0, SEAL_KEY_LEN);
+     TEE_Free(key_buf);
+     return result;
+ }
+@@ -249,7 +256,7 @@ TEE_Result itrustee_unseal_data(void *sealed_data, uint8_t *decrypted_data, uint
+     }
+ 
+ done:
+-    memset(key_buf, 0, SEAL_KEY_LEN);
++    memset_no_optimize(key_buf, 0, SEAL_KEY_LEN);
+     TEE_Free(key_buf);
+     return result;
+ }
+-- 
+2.33.0
+

backport-use-memset-instead-of-explicit_bzero.patch

@@ -0,0 +1,67 @@
+From 248f56df792c14421074a6049ac668464070a574 Mon Sep 17 00:00:00 2001
+From: zhengxiaoxiao <zhengxiaoxiao2@huawei.com>
+Date: Tue, 12 Mar 2024 16:53:22 +0800
+Subject: [PATCH] use memset instead of explicit_bzero
+
+Reference: https://gitee.com/openeuler/secGear/commit/248f56df792c14421074a6049ac668464070a574
+Conflict: NA
+---
+ src/enclave_src/gp/itrustee/itrustee_seal_data.c |  8 ++++----
+ src/host_src/enclave.c                           |  4 ++--
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/enclave_src/gp/itrustee/itrustee_seal_data.c b/src/enclave_src/gp/itrustee/itrustee_seal_data.c
+index cae1734..b074d6f 100644
+--- a/src/enclave_src/gp/itrustee/itrustee_seal_data.c
++++ b/src/enclave_src/gp/itrustee/itrustee_seal_data.c
+@@ -139,13 +139,13 @@ TEE_Result itrustee_seal_data(uint8_t *seal_data, uint32_t seal_data_len, void *
+     result = data_copy(tmp_sealed_data, salt, nonce, mac_data, mac_data_len);
+ 
+ error0:
+-    explicit_bzero(nonce, SEAL_DATA_NONCE_LEN);
++    memset(nonce, 0, SEAL_DATA_NONCE_LEN);
+     TEE_Free(nonce);
+ error1:
+-    explicit_bzero(salt, SEAL_KEY_SALT_LEN);
++    memset(salt, 0, SEAL_KEY_SALT_LEN);
+     TEE_Free(salt);
+ error2:
+-    explicit_bzero(key_buf, SEAL_KEY_LEN);
++    memset(key_buf, 0, SEAL_KEY_LEN);
+     TEE_Free(key_buf);
+     return result;
+ }
+@@ -251,7 +251,7 @@ TEE_Result itrustee_unseal_data(void *sealed_data, uint8_t *decrypted_data, uint
+     }
+
+ done:
+-    explicit_bzero(key_buf, SEAL_KEY_LEN);
++    memset(key_buf, 0, SEAL_KEY_LEN);
+     TEE_Free(key_buf);
+     return result;
+ }
+diff --git a/src/host_src/enclave.c b/src/host_src/enclave.c
+index d8b7d35..f13feec 100644
+--- a/src/host_src/enclave.c
++++ b/src/host_src/enclave.c
+@@ -70,7 +70,7 @@ static void error_handle(cc_enclave_t *enclave, void *handle, p_tee_registered r
+ 
+     if (enclave) {
+         pthread_rwlock_destroy(&enclave->rwlock);
+-        explicit_bzero(enclave, sizeof(cc_enclave_t));
++        memset(enclave, 0, sizeof(cc_enclave_t));
+     }
+ }
+ 
+@@ -310,7 +310,7 @@ cc_enclave_result_t cc_enclave_destroy(cc_enclave_t *context)
+     }
+     pthread_rwlock_unlock(&context->rwlock);
+     pthread_rwlock_destroy(&context->rwlock);
+-    explicit_bzero(context, sizeof(cc_enclave_t));
++    memset(context, 0, sizeof(cc_enclave_t));
+ 
+     return CC_SUCCESS;
+ }
+-- 
+2.33.0
+

secGear.spec

@@ -1,6 +1,6 @@
 Name:		secGear
 Version:	0.1.0
-Release:	38
+Release:	39
 Summary:	secGear is an SDK to develop confidential computing apps based on hardware enclave features
 
 
@@ -80,6 +80,8 @@ Patch67:	0068-bugfix-when-input-empty-hash.patch
 Patch68:	0069-adapt-sign-tool-to-pass-API_LEVEL.patch
 Patch69:	0070-sign-tool-add-invalid-param-verify.patch
 Patch70:	0071-adapt-report-with-request-key.patch
+Patch71:	backport-use-memset-instead-of-explicit_bzero.patch
+Patch72:	backport-memset-no-optimize.patch
 
 BuildRequires:	gcc python automake autoconf libtool
 BUildRequires:	glibc glibc-devel cmake ocaml-dune rpm gcc-c++ compat-openssl11-libs compat-openssl11-devel
@@ -211,6 +213,9 @@ popd
 systemctl restart rsyslog
 
 %changelog
+* Wed Mar 27 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.1.0-39
+- use memset instead of explicit_bzero
+
 * Wed Sep 13 2023 wangqingsan<wangqingsan@huawei.com> - 0.1.0-38
 - synchronous features