From 497910833e6992b4b8645900f2086a56f5557424 Mon Sep 17 00:00:00 2001
From: Kurt Roeckx
Date: Tue, 21 Feb 2017 22:20:34 +0100
Subject: [PATCH] Make the CRYPTO_memcmp() prototype match memcmp()
Reviewed-by: Andy Polyakov
GH: #2633
---
 crypto/cryptlib.c | 27 ++++++++-------------------
 include/openssl/crypto.h | 4 +---
 2 files changed, 9 insertions(+), 22 deletions(-)
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index b02236593d..71a5c35974 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -313,26 +313,15 @@ void OPENSSL_die(const char *message, const char *file, int line)
 }
 #if !defined(OPENSSL_CPUID_OBJ)
-/* volatile unsigned char* pointers are there because
- * 1. Accessing a variable declared volatile via a pointer
- * that lacks a volatile qualifier causes undefined behavior.
- * 2. When the variable itself is not volatile the compiler is
- * not required to keep all those reads and can convert
- * this into canonical memcmp() which doesn't read the whole block.
- * Pointers to volatile resolve the first problem fully. The second
- * problem cannot be resolved in any Standard-compliant way but this
- * works the problem around. Compilers typically react to
- * pointers to volatile by preserving the reads and writes through them.
- * The latter is not required by the Standard if the memory pointed to
- * is not volatile.
- * Pointers themselves are volatile in the function signature to work
- * around a subtle bug in gcc 4.6+ which causes writes through
- * pointers to volatile to not be emitted in some rare,
- * never needed in real life, pieces of code.
+/*
+ * The volatile is used to to ensure that the compiler generates code that reads
+ * all values from the array and doesn't try to optimize this away. The standard
+ * doesn't actually require this behavior if the original data pointed to is
+ * not volatile, but compilers do this in practice anyway.
+ *
+ * There are also assembler versions of this function.
 */
-int CRYPTO_memcmp(const volatile void * volatile in_a,
- const volatile void * volatile in_b,
- size_t len)
+int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len)
 {
 size_t i;
 const volatile unsigned char *a = in_a;
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index 8ee3e8aec6..3b75dbe577 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
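Review bot: The replacement comment in crypto/cryptlib.c says "The volatile is used", but after this change the only volatile visible in the hunk is on the local pointer (`const volatile unsigned char *a = in_a;`), so the comment should name the locals; "to to" is also a typo. Suggested opening: `* The volatile qualifier on the local pointers is used to ensure that the compiler generates code that reads`. The removed text also recorded that the parameters were themselves volatile to work around a gcc 4.6+ code-generation issue, and the new comment does not say why that workaround can be dropped. The constant-time behaviour of this C fallback rests on compiler behaviour the Standard does not guarantee, so either state the reason here or confirm on the supported compilers that the generated code still reads every byte without an early exit. The body of CRYPTO_memcmp continues outside the hunk.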
@@ -347,9 +347,7 @@ int OPENSSL_gmtime_diff(int *pday, int *psec,
 * into a defined order as the return value when a != b is undefined, other
 * than to be non-zero.
 */
-int CRYPTO_memcmp(const volatile void * volatile in_a,
- const volatile void * volatile in_b,
- size_t len);
+int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len);
 /* Standard initialisation options */
 # define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L
--
2.40.0
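Review bot: Callers that pass pointers to volatile-qualified buffers compiled cleanly against the old prototype, but against `int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len);` they will get a discarded-qualifier diagnostic, which is an error in C++. This is a source-compatibility change in a public header, so it probably deserves a line in the release notes. The doc comment above the prototype starts outside the hunk; if it does not already say so, it could add `* The time taken depends only on len, not on the contents of the buffers.` so callers know which property they are relying on when comparing secrets.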