Use zero_call_used_regs and noinline for backend memory utils and introduce crypt_backend_memcpy.

lib/crypto_backend/crypto_backend.h

@@ -146,6 +146,9 @@ int crypt_bitlk_decrypt_key(const void *key, size_t key_length,
 /* Memzero helper (memset on stack can be optimized out) */
 void crypt_backend_memzero(void *s, size_t n);
 
+/* Memcpy helper to avoid spilling sensitive data through additional registers */
+void *crypt_backend_memcpy(void *dst, const void *src, size_t n);
+
 /* Memcmp helper (memcmp in constant time) */
 int crypt_backend_memeq(const void *m1, const void *m2, size_t n);
 

lib/crypto_backend/memutils.c

@@ -20,7 +20,17 @@
 
 #include "crypto_backend_internal.h"
 
+#define ATTR_NOINLINE __attribute__ ((noinline))
+#define ATTR_ZERO_REGS
+#if defined __has_attribute
+#  if __has_attribute (zero_call_used_regs)
+#    undef ATTR_ZERO_REGS
+#    define ATTR_ZERO_REGS __attribute__ ((zero_call_used_regs("used")))
+#  endif
+#endif
+
 /* Memzero helper (memset on stack can be optimized out) */
+ATTR_NOINLINE ATTR_ZERO_REGS
 void crypt_backend_memzero(void *s, size_t n)
 {
 #ifdef HAVE_EXPLICIT_BZERO
@@ -31,7 +41,20 @@ void crypt_backend_memzero(void *s, size_t n)
 #endif
 }
 
+/* Memcpy helper to avoid spilling sensitive data through additional registers */
+ATTR_NOINLINE ATTR_ZERO_REGS
+void *crypt_backend_memcpy(void *dst, const void *src, size_t n)
+{
+	volatile uint8_t *d = (volatile uint8_t *)dst;
+	const volatile uint8_t *s = (const volatile uint8_t *)src;
+
+	while(n--) *d++ = *s++;
+
+	return dst;
+}
+
 /* Internal implementation for constant time memory comparison */
+ATTR_NOINLINE ATTR_ZERO_REGS
 int crypt_internal_memeq(const void *m1, const void *m2, size_t n)
 {
 	const unsigned char *_m1 = (const unsigned char *) m1;