Zeroing out 2*NUM_ECC_WORDS bytes starting from the `p2` pointer would
not only write 16 bytes to an 8-byte array allocated on the stack, but
also not clear out important arrays such as `_private` and `tmp`.
Moreover, no memory was cleared out before returning from the function,
and there are two exit points.
Properly memset() all private data and use an empty assembly block
referencing the memory region to avoid the memset() calls to be elided
by the compiler.
Ideally, in the future, all stack-allocated variables that contains
sensitive information should be marked with __attribute__((cleanup)), a
GCC extension that calls a function when the variable exits the scope.
This will not only reduce code size, but for other functions with
multiple exit points, also ensure that sensitive data is always
cleared.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
eb0dccdb94