Browse Source

add explicit_bzero to libc. implementation subject to change, but start

the ball rolling. ok deraadt.
OPENBSD_5_5
tedu 10 years ago
parent
commit
2beb8f104d
4 changed files with 40 additions and 5 deletions
  1. +3
    -1
      src/include/string.h
  2. +3
    -2
      src/lib/libc/string/Makefile.inc
  3. +14
    -2
      src/lib/libc/string/bzero.3
  4. +20
    -0
      src/lib/libc/string/explicit_bzero.c

+ 3
- 1
src/include/string.h View File

@ -1,4 +1,4 @@
/* $OpenBSD: string.h,v 1.26 2013/05/13 10:37:02 ajacoutot Exp $ */
/* $OpenBSD: string.h,v 1.27 2014/01/22 21:06:45 tedu Exp $ */
/* $NetBSD: string.h,v 1.6 1994/10/26 00:56:30 cgd Exp $ */
/*-
@ -126,6 +126,8 @@ char *strsignal(int);
#endif
#if __BSD_VISIBLE
void explicit_bzero(void *, size_t)
__attribute__ ((__bounded__(__buffer__,1,2)));
void *memmem(const void *, size_t, const void *, size_t);
void *memrchr(const void *, int, size_t);
char *strcasestr(const char *, const char *);


+ 3
- 2
src/lib/libc/string/Makefile.inc View File

@ -1,9 +1,9 @@
# $OpenBSD: Makefile.inc,v 1.32 2013/12/19 20:52:37 millert Exp $
# $OpenBSD: Makefile.inc,v 1.33 2014/01/22 21:06:45 tedu Exp $
# string sources
.PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/string ${LIBCSRCDIR}/string
SRCS+= bm.c memccpy.c memmem.c memrchr.c stpcpy.c stpncpy.c \
SRCS+= bm.c explicit_bzero.c memccpy.c memmem.c memrchr.c stpcpy.c stpncpy.c \
strcasecmp.c strcasestr.c strcoll.c strdup.c \
strerror.c strerror_r.c strlcat.c strmode.c strndup.c strnlen.c \
strsignal.c strtok.c strxfrm.c \
@ -155,6 +155,7 @@ MAN+= bm.3 bcmp.3 bcopy.3 bstring.3 bzero.3 ffs.3 memccpy.3 memchr.3 \
wmemset.3
MLINKS+=bm.3 bm_comp.3 bm.3 bm_exec.3 bm.3 bm_free.3
MLINKS+=bzero.3 explicit_bzero.3
MLINKS+=memchr.3 memrchr.3
MLINKS+=stpcpy.3 stpncpy.3
MLINKS+=strchr.3 index.3


+ 14
- 2
src/lib/libc/string/bzero.3 View File

@ -27,9 +27,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $OpenBSD: bzero.3,v 1.9 2013/06/05 03:39:23 tedu Exp $
.\" $OpenBSD: bzero.3,v 1.10 2014/01/22 21:06:45 tedu Exp $
.\"
.Dd $Mdocdate: June 5 2013 $
.Dd $Mdocdate: January 22 2014 $
.Dt BZERO 3
.Os
.Sh NAME
@ -39,6 +39,8 @@
.In string.h
.Ft void
.Fn bzero "void *b" "size_t len"
.Ft void
.Fn explicit_bzero "void *b" "size_t len"
.Sh DESCRIPTION
The
.Fn bzero
@ -51,6 +53,12 @@ If
is zero,
.Fn bzero
does nothing.
.Pp
The
.Fn explicit_bzero
variant behaves the same, but will not be removed by a compiler's dead store
optimization pass, making it useful for clearing sensitive memory such as a
password.
.Sh SEE ALSO
.Xr memset 3 ,
.Xr swab 3
@ -59,3 +67,7 @@ The
.Fn bzero
function first appeared in
.Bx 4.2 .
The
.Fn explicit_bzero
function first appeared in
.Ox 5.5 .

+ 20
- 0
src/lib/libc/string/explicit_bzero.c View File

@ -0,0 +1,20 @@
/* $OpenBSD: explicit_bzero.c,v 1.1 2014/01/22 21:06:45 tedu Exp $ */
/*
* Public domain.
* Written by Ted Unangst
*/
#if !defined(_KERNEL) && !defined(_STANDALONE)
#include <string.h>
#else
#include <lib/libkern/libkern.h>
#endif
/*
* explicit_bzero - don't let the compiler optimize away bzero
*/
void
explicit_bzero(void *p, size_t n)
{
bzero(p, n);
}

Loading…
Cancel
Save