svn commit: r272673 - in head: include lib/libc/string sys/conf sys/libkern sys/sys

Tue Oct 7 04:54:13 UTC 2014

Author: delphij
Date: Tue Oct  7 04:54:11 2014
New Revision: 272673
URL: https://svnweb.freebsd.org/changeset/base/272673

Log:
  Add explicit_bzero(3) and its kernel counterpart.
  
  Obtained from:	OpenBSD
  MFC after:	2 weeks

Added:
  head/lib/libc/string/explicit_bzero.c   (contents, props changed)
  head/sys/libkern/explicit_bzero.c   (contents, props changed)
Modified:
  head/include/strings.h
  head/lib/libc/string/Makefile.inc
  head/lib/libc/string/Symbol.map
  head/lib/libc/string/bzero.3
  head/sys/conf/files
  head/sys/sys/systm.h

Modified: head/include/strings.h
==============================================================================

--- head/include/strings.h	Mon Oct  6 23:17:01 2014	(r272672)
+++ head/include/strings.h	Tue Oct  7 04:54:11 2014	(r272673)
@@ -43,6 +43,9 @@ int	 bcmp(const void *, const void *, si
 void	 bcopy(const void *, void *, size_t);			/* LEGACY */
 void	 bzero(void *, size_t);					/* LEGACY */
 #endif
+#if __BSD_VISIBLE
+void	 explicit_bzero(void *, size_t);
+#endif
 #if __XSI_VISIBLE
 int	 ffs(int) __pure2;
 #endif

Modified: head/lib/libc/string/Makefile.inc
==============================================================================
--- head/lib/libc/string/Makefile.inc	Mon Oct  6 23:17:01 2014	(r272672)
+++ head/lib/libc/string/Makefile.inc	Tue Oct  7 04:54:11 2014	(r272673)
@@ -6,7 +6,8 @@
 CFLAGS+= -I${LIBC_SRCTOP}/locale
 
 # machine-independent string sources
-MISRCS+=bcmp.c bcopy.c bzero.c ffs.c ffsl.c ffsll.c fls.c flsl.c flsll.c \
+MISRCS+=bcmp.c bcopy.c bzero.c explicit_bzero.c \
+	ffs.c ffsl.c ffsll.c fls.c flsl.c flsll.c \
 	memccpy.c memchr.c memrchr.c memcmp.c \
 	memcpy.c memmem.c memmove.c memset.c \
 	stpcpy.c stpncpy.c strcasecmp.c \

Modified: head/lib/libc/string/Symbol.map
==============================================================================
--- head/lib/libc/string/Symbol.map	Mon Oct  6 23:17:01 2014	(r272672)
+++ head/lib/libc/string/Symbol.map	Tue Oct  7 04:54:11 2014	(r272673)
@@ -100,6 +100,10 @@ FBSD_1.3 {
 	wcwidth_l;
 };
 
+FBSD_1.4 {
+	explicit_bzero;
+};
+
 FBSDprivate_1.0 {
 	__strtok_r;
 };

Modified: head/lib/libc/string/bzero.3
==============================================================================
--- head/lib/libc/string/bzero.3	Mon Oct  6 23:17:01 2014	(r272672)
+++ head/lib/libc/string/bzero.3	Tue Oct  7 04:54:11 2014	(r272673)
@@ -35,7 +35,8 @@
 .Dt BZERO 3
 .Os
 .Sh NAME
-.Nm bzero
+.Nm bzero ,
+.Nm explicit_bzero
 .Nd write zeroes to a byte string
 .Sh LIBRARY
 .Lb libc
@@ -43,6 +44,8 @@
 .In strings.h
 .Ft void
 .Fn bzero "void *b" "size_t len"
+.Ft void
+.Fn explicit_bzero "void *b" "size_t len"
 .Sh DESCRIPTION
 The
 .Fn bzero
@@ -56,6 +59,12 @@ If
 is zero,
 .Fn bzero
 does nothing.
+.Pp
+The
+.Fn explicit_bzero
+variant behaves the same, but will not be removed by a compiler's dead store
+optimization pass, making it useful for clearing sensitive memory such as a
+password.
 .Sh SEE ALSO
 .Xr memset 3 ,
 .Xr swab 3
@@ -72,3 +81,10 @@ before it was moved to
 for
 .St -p1003.1-2001
 compliance.
+.Pp
+The
+.Fn explicit_bzero
+function first appeared in
+.Ox 5.5
+and
+.Fx 11.0 .

Added: head/lib/libc/string/explicit_bzero.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/lib/libc/string/explicit_bzero.c	Tue Oct  7 04:54:11 2014	(r272673)
@@ -0,0 +1,22 @@
+/*	$OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
+/*
+ * Public domain.
+ * Written by Matthew Dempsky.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <string.h>
+
+__attribute__((weak)) void
+__explicit_bzero_hook(void *buf, size_t len)
+{
+}
+
+void
+explicit_bzero(void *buf, size_t len)
+{
+	memset(buf, 0, len);
+	__explicit_bzero_hook(buf, len);
+}

Modified: head/sys/conf/files
==============================================================================
--- head/sys/conf/files	Mon Oct  6 23:17:01 2014	(r272672)
+++ head/sys/conf/files	Tue Oct  7 04:54:11 2014	(r272673)
@@ -3163,6 +3163,7 @@ libkern/arc4random.c		standard
 libkern/bcd.c			standard
 libkern/bsearch.c		standard
 libkern/crc32.c			standard
+libkern/explicit_bzero.c	standard
 libkern/fnmatch.c		standard
 libkern/iconv.c			optional libiconv
 libkern/iconv_converter_if.m	optional libiconv

Added: head/sys/libkern/explicit_bzero.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sys/libkern/explicit_bzero.c	Tue Oct  7 04:54:11 2014	(r272673)
@@ -0,0 +1,24 @@
+/*	$OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
+/*
+ * Public domain.
+ * Written by Matthew Dempsky.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/libkern.h>
+
+__attribute__((weak)) void __explicit_bzero_hook(void *, size_t);
+
+__attribute__((weak)) void
+__explicit_bzero_hook(void *buf, size_t len)
+{
+}
+
+void
+explicit_bzero(void *buf, size_t len)
+{
+	memset(buf, 0, len);
+	__explicit_bzero_hook(buf, len);
+}

Modified: head/sys/sys/systm.h
==============================================================================
--- head/sys/sys/systm.h	Mon Oct  6 23:17:01 2014	(r272672)
+++ head/sys/sys/systm.h	Tue Oct  7 04:54:11 2014	(r272673)
@@ -232,6 +232,7 @@ void	hexdump(const void *ptr, int length
 #define ovbcopy(f, t, l) bcopy((f), (t), (l))
 void	bcopy(const void *from, void *to, size_t len) __nonnull(1) __nonnull(2);
 void	bzero(void *buf, size_t len) __nonnull(1);
+void	explicit_bzero(void *, size_t) __nonnull(1);;
 
 void	*memcpy(void *to, const void *from, size_t len) __nonnull(1) __nonnull(2);
 void	*memmove(void *dest, const void *src, size_t n) __nonnull(1) __nonnull(2);
