diff --git a/include/strings.h b/include/strings.h index 4fb9311657f3..2210df04f0d4 100644 --- a/include/strings.h +++ b/include/strings.h @@ -43,6 +43,9 @@ int bcmp(const void *, const void *, size_t) __pure; /* LEGACY */ void bcopy(const void *, void *, size_t); /* LEGACY */ void bzero(void *, size_t); /* LEGACY */ #endif +#if __BSD_VISIBLE +void explicit_bzero(void *, size_t); +#endif #if __XSI_VISIBLE int ffs(int) __pure2; #endif diff --git a/lib/libc/string/Makefile.inc b/lib/libc/string/Makefile.inc index 731f4fc90415..04f63764bbd4 100644 --- a/lib/libc/string/Makefile.inc +++ b/lib/libc/string/Makefile.inc @@ -6,7 +6,8 @@ CFLAGS+= -I${LIBC_SRCTOP}/locale # machine-independent string sources -MISRCS+=bcmp.c bcopy.c bzero.c ffs.c ffsl.c ffsll.c fls.c flsl.c flsll.c \ +MISRCS+=bcmp.c bcopy.c bzero.c explicit_bzero.c \ + ffs.c ffsl.c ffsll.c fls.c flsl.c flsll.c \ memccpy.c memchr.c memrchr.c memcmp.c \ memcpy.c memmem.c memmove.c memset.c \ stpcpy.c stpncpy.c strcasecmp.c \ diff --git a/lib/libc/string/Symbol.map b/lib/libc/string/Symbol.map index 8e801659f35c..59610925fe33 100644 --- a/lib/libc/string/Symbol.map +++ b/lib/libc/string/Symbol.map @@ -100,6 +100,10 @@ FBSD_1.3 { wcwidth_l; }; +FBSD_1.4 { + explicit_bzero; +}; + FBSDprivate_1.0 { __strtok_r; }; diff --git a/lib/libc/string/bzero.3 b/lib/libc/string/bzero.3 index 029644a5b7bf..ea572bef89e5 100644 --- a/lib/libc/string/bzero.3 +++ b/lib/libc/string/bzero.3 @@ -35,7 +35,8 @@ .Dt BZERO 3 .Os .Sh NAME -.Nm bzero +.Nm bzero , +.Nm explicit_bzero .Nd write zeroes to a byte string .Sh LIBRARY .Lb libc @@ -43,6 +44,8 @@ .In strings.h .Ft void .Fn bzero "void *b" "size_t len" +.Ft void +.Fn explicit_bzero "void *b" "size_t len" .Sh DESCRIPTION The .Fn bzero @@ -56,6 +59,12 @@ If is zero, .Fn bzero does nothing. +.Pp +The +.Fn explicit_bzero +variant behaves the same, but will not be removed by a compiler's dead store +optimization pass, making it useful for clearing sensitive memory such as a +password. .Sh SEE ALSO .Xr memset 3 , .Xr swab 3 @@ -72,3 +81,10 @@ before it was moved to for .St -p1003.1-2001 compliance. +.Pp +The +.Fn explicit_bzero +function first appeared in +.Ox 5.5 +and +.Fx 11.0 . diff --git a/lib/libc/string/explicit_bzero.c b/lib/libc/string/explicit_bzero.c new file mode 100644 index 000000000000..a7811b037e8d --- /dev/null +++ b/lib/libc/string/explicit_bzero.c @@ -0,0 +1,22 @@ +/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */ +/* + * Public domain. + * Written by Matthew Dempsky. + */ + +#include +__FBSDID("$FreeBSD$"); + +#include + +__attribute__((weak)) void +__explicit_bzero_hook(void *buf, size_t len) +{ +} + +void +explicit_bzero(void *buf, size_t len) +{ + memset(buf, 0, len); + __explicit_bzero_hook(buf, len); +} diff --git a/sys/conf/files b/sys/conf/files index 20f0d6e60e89..46179cb6e154 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -3163,6 +3163,7 @@ libkern/arc4random.c standard libkern/bcd.c standard libkern/bsearch.c standard libkern/crc32.c standard +libkern/explicit_bzero.c standard libkern/fnmatch.c standard libkern/iconv.c optional libiconv libkern/iconv_converter_if.m optional libiconv diff --git a/sys/libkern/explicit_bzero.c b/sys/libkern/explicit_bzero.c new file mode 100644 index 000000000000..2468c5509d9d --- /dev/null +++ b/sys/libkern/explicit_bzero.c @@ -0,0 +1,24 @@ +/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */ +/* + * Public domain. + * Written by Matthew Dempsky. + */ + +#include +__FBSDID("$FreeBSD$"); + +#include + +__attribute__((weak)) void __explicit_bzero_hook(void *, size_t); + +__attribute__((weak)) void +__explicit_bzero_hook(void *buf, size_t len) +{ +} + +void +explicit_bzero(void *buf, size_t len) +{ + memset(buf, 0, len); + __explicit_bzero_hook(buf, len); +} diff --git a/sys/sys/systm.h b/sys/sys/systm.h index c484b7b3374a..eae72728a0f8 100644 --- a/sys/sys/systm.h +++ b/sys/sys/systm.h @@ -232,6 +232,7 @@ void hexdump(const void *ptr, int length, const char *hdr, int flags); #define ovbcopy(f, t, l) bcopy((f), (t), (l)) void bcopy(const void *from, void *to, size_t len) __nonnull(1) __nonnull(2); void bzero(void *buf, size_t len) __nonnull(1); +void explicit_bzero(void *, size_t) __nonnull(1);; void *memcpy(void *to, const void *from, size_t len) __nonnull(1) __nonnull(2); void *memmove(void *dest, const void *src, size_t n) __nonnull(1) __nonnull(2);