From 2beb8f104dda8ad95611fe8987543c5db9faacd3 Mon Sep 17 00:00:00 2001 From: tedu <> Date: Wed, 22 Jan 2014 21:06:45 +0000 Subject: [PATCH] add explicit_bzero to libc. implementation subject to change, but start the ball rolling. ok deraadt. --- src/include/string.h | 4 +++- src/lib/libc/string/Makefile.inc | 5 +++-- src/lib/libc/string/bzero.3 | 16 ++++++++++++++-- src/lib/libc/string/explicit_bzero.c | 20 ++++++++++++++++++++ 4 files changed, 40 insertions(+), 5 deletions(-) create mode 100644 src/lib/libc/string/explicit_bzero.c diff --git a/src/include/string.h b/src/include/string.h index 033ee148..b0b851ed 100644 --- a/src/include/string.h +++ b/src/include/string.h @@ -1,4 +1,4 @@ -/* $OpenBSD: string.h,v 1.26 2013/05/13 10:37:02 ajacoutot Exp $ */ +/* $OpenBSD: string.h,v 1.27 2014/01/22 21:06:45 tedu Exp $ */ /* $NetBSD: string.h,v 1.6 1994/10/26 00:56:30 cgd Exp $ */ /*- @@ -126,6 +126,8 @@ char *strsignal(int); #endif #if __BSD_VISIBLE +void explicit_bzero(void *, size_t) + __attribute__ ((__bounded__(__buffer__,1,2))); void *memmem(const void *, size_t, const void *, size_t); void *memrchr(const void *, int, size_t); char *strcasestr(const char *, const char *); diff --git a/src/lib/libc/string/Makefile.inc b/src/lib/libc/string/Makefile.inc index 9d6d1b23..1cbb54b3 100644 --- a/src/lib/libc/string/Makefile.inc +++ b/src/lib/libc/string/Makefile.inc @@ -1,9 +1,9 @@ -# $OpenBSD: Makefile.inc,v 1.32 2013/12/19 20:52:37 millert Exp $ +# $OpenBSD: Makefile.inc,v 1.33 2014/01/22 21:06:45 tedu Exp $ # string sources .PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/string ${LIBCSRCDIR}/string -SRCS+= bm.c memccpy.c memmem.c memrchr.c stpcpy.c stpncpy.c \ +SRCS+= bm.c explicit_bzero.c memccpy.c memmem.c memrchr.c stpcpy.c stpncpy.c \ strcasecmp.c strcasestr.c strcoll.c strdup.c \ strerror.c strerror_r.c strlcat.c strmode.c strndup.c strnlen.c \ strsignal.c strtok.c strxfrm.c \ @@ -155,6 +155,7 @@ MAN+= bm.3 bcmp.3 bcopy.3 bstring.3 bzero.3 ffs.3 memccpy.3 memchr.3 \ wmemset.3 MLINKS+=bm.3 bm_comp.3 bm.3 bm_exec.3 bm.3 bm_free.3 +MLINKS+=bzero.3 explicit_bzero.3 MLINKS+=memchr.3 memrchr.3 MLINKS+=stpcpy.3 stpncpy.3 MLINKS+=strchr.3 index.3 diff --git a/src/lib/libc/string/bzero.3 b/src/lib/libc/string/bzero.3 index 1fd5da81..8476eb86 100644 --- a/src/lib/libc/string/bzero.3 +++ b/src/lib/libc/string/bzero.3 @@ -27,9 +27,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: bzero.3,v 1.9 2013/06/05 03:39:23 tedu Exp $ +.\" $OpenBSD: bzero.3,v 1.10 2014/01/22 21:06:45 tedu Exp $ .\" -.Dd $Mdocdate: June 5 2013 $ +.Dd $Mdocdate: January 22 2014 $ .Dt BZERO 3 .Os .Sh NAME @@ -39,6 +39,8 @@ .In string.h .Ft void .Fn bzero "void *b" "size_t len" +.Ft void +.Fn explicit_bzero "void *b" "size_t len" .Sh DESCRIPTION The .Fn bzero @@ -51,6 +53,12 @@ If is zero, .Fn bzero does nothing. +.Pp +The +.Fn explicit_bzero +variant behaves the same, but will not be removed by a compiler's dead store +optimization pass, making it useful for clearing sensitive memory such as a +password. .Sh SEE ALSO .Xr memset 3 , .Xr swab 3 @@ -59,3 +67,7 @@ The .Fn bzero function first appeared in .Bx 4.2 . +The +.Fn explicit_bzero +function first appeared in +.Ox 5.5 . diff --git a/src/lib/libc/string/explicit_bzero.c b/src/lib/libc/string/explicit_bzero.c new file mode 100644 index 00000000..fd2948ca --- /dev/null +++ b/src/lib/libc/string/explicit_bzero.c @@ -0,0 +1,20 @@ +/* $OpenBSD: explicit_bzero.c,v 1.1 2014/01/22 21:06:45 tedu Exp $ */ +/* + * Public domain. + * Written by Ted Unangst + */ + +#if !defined(_KERNEL) && !defined(_STANDALONE) +#include +#else +#include +#endif + +/* + * explicit_bzero - don't let the compiler optimize away bzero + */ +void +explicit_bzero(void *p, size_t n) +{ + bzero(p, n); +}