Add explicit_bzero(3) and its kernel counterpart.

Obtained from: OpenBSD MFC after: 2 weeks
2014-10-07 04:54:11 +00:00 · 2014-10-07 04:54:11 +00:00 · 78b59024b5
commit 78b59024b5
parent 84e874bd6c
8 changed files with 74 additions and 2 deletions
--- a/include/strings.h
+++ b/include/strings.h
@ -43,6 +43,9 @@ int	 bcmp(const void *, const void *, size_t) __pure;	/* LEGACY */
 void	 bcopy(const void *, void *, size_t);			/* LEGACY */
 void	 bzero(void *, size_t);					/* LEGACY */
 #endif
+#if __BSD_VISIBLE
+void	 explicit_bzero(void *, size_t);
+#endif
 #if __XSI_VISIBLE
 int	 ffs(int) __pure2;
 #endif
--- a/lib/libc/string/Makefile.inc
+++ b/lib/libc/string/Makefile.inc
@ -6,7 +6,8 @@
 CFLAGS+= -I${LIBC_SRCTOP}/locale

 # machine-independent string sources
-MISRCS+=bcmp.c bcopy.c bzero.c ffs.c ffsl.c ffsll.c fls.c flsl.c flsll.c \
+MISRCS+=bcmp.c bcopy.c bzero.c explicit_bzero.c \
+	ffs.c ffsl.c ffsll.c fls.c flsl.c flsll.c \
 	memccpy.c memchr.c memrchr.c memcmp.c \
 	memcpy.c memmem.c memmove.c memset.c \
 	stpcpy.c stpncpy.c strcasecmp.c \
--- a/lib/libc/string/Symbol.map
+++ b/lib/libc/string/Symbol.map
@ -100,6 +100,10 @@ FBSD_1.3 {
 	wcwidth_l;
 };

+FBSD_1.4 {
+	explicit_bzero;
+};
+
 FBSDprivate_1.0 {
 	__strtok_r;
 };
--- a/lib/libc/string/bzero.3
+++ b/lib/libc/string/bzero.3
@ -35,7 +35,8 @@
 .Dt BZERO 3
 .Os
 .Sh NAME
-.Nm bzero
+.Nm bzero ,
+.Nm explicit_bzero
 .Nd write zeroes to a byte string
 .Sh LIBRARY
 .Lb libc
@ -43,6 +44,8 @@
 .In strings.h
 .Ft void
 .Fn bzero "void *b" "size_t len"
+.Ft void
+.Fn explicit_bzero "void *b" "size_t len"
 .Sh DESCRIPTION
 The
 .Fn bzero
@ -56,6 +59,12 @@ If
 is zero,
 .Fn bzero
 does nothing.
+.Pp
+The
+.Fn explicit_bzero
+variant behaves the same, but will not be removed by a compiler's dead store
+optimization pass, making it useful for clearing sensitive memory such as a
+password.
 .Sh SEE ALSO
 .Xr memset 3 ,
 .Xr swab 3
@ -72,3 +81,10 @@ before it was moved to
 for
 .St -p1003.1-2001
 compliance.
+.Pp
+The
+.Fn explicit_bzero
+function first appeared in
+.Ox 5.5
+and
+.Fx 11.0 .
--- a/lib/libc/string/explicit_bzero.c
+++ b/lib/libc/string/explicit_bzero.c
@ -0,0 +1,22 @@
+/*	$OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
+/*
+ * Public domain.
+ * Written by Matthew Dempsky.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <string.h>
+
+__attribute__((weak)) void
+__explicit_bzero_hook(void *buf, size_t len)
+{
+}
+
+void
+explicit_bzero(void *buf, size_t len)
+{
+	memset(buf, 0, len);
+	__explicit_bzero_hook(buf, len);
+}
--- a/sys/conf/files
+++ b/sys/conf/files
@ -3163,6 +3163,7 @@ libkern/arc4random.c		standard
 libkern/bcd.c			standard
 libkern/bsearch.c		standard
 libkern/crc32.c			standard
+libkern/explicit_bzero.c	standard
 libkern/fnmatch.c		standard
 libkern/iconv.c			optional libiconv
 libkern/iconv_converter_if.m	optional libiconv
--- a/sys/libkern/explicit_bzero.c
+++ b/sys/libkern/explicit_bzero.c
@ -0,0 +1,24 @@
+/*	$OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
+/*
+ * Public domain.
+ * Written by Matthew Dempsky.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/libkern.h>
+
+__attribute__((weak)) void __explicit_bzero_hook(void *, size_t);
+
+__attribute__((weak)) void
+__explicit_bzero_hook(void *buf, size_t len)
+{
+}
+
+void
+explicit_bzero(void *buf, size_t len)
+{
+	memset(buf, 0, len);
+	__explicit_bzero_hook(buf, len);
+}
--- a/sys/sys/systm.h
+++ b/sys/sys/systm.h
@ -232,6 +232,7 @@ void	hexdump(const void *ptr, int length, const char *hdr, int flags);
 #define ovbcopy(f, t, l) bcopy((f), (t), (l))
 void	bcopy(const void *from, void *to, size_t len) __nonnull(1) __nonnull(2);
 void	bzero(void *buf, size_t len) __nonnull(1);
+void	explicit_bzero(void *, size_t) __nonnull(1);;

 void	*memcpy(void *to, const void *from, size_t len) __nonnull(1) __nonnull(2);
 void	*memmove(void *dest, const void *src, size_t n) __nonnull(1) __nonnull(2);