Re: CVS commit: src/lib/libcrypt

[Matthias Drochner <M.Drochner%fz-juelich.de@localhost>]

dholland-sourcechanges%netbsd.org@localhost said:
> You also want to take steps to make sure that the zeroed cache line is
> flushed out.

This would be good, but it is a bit hard on x86 from userland
because wbinv is a privileged instruction. Would need a system
call.
Anyway, here is a first cut on an "explicit_bzero" function
which doesn't get optimized away. I've put it to src/common
because the same thing makes sense in the kernel too.
Comments?

best regards
Matthias


------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDirig Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------

# HG changeset patch
# Parent 2aacac6262cc9007f8dfb28f30add312d2a8168c
diff -r 2aacac6262cc -r 3417b12dcb66 common/lib/libc/string/explicit_bzero.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/common/lib/libc/string/explicit_bzero.c   Tue Nov 29 20:32:08 2011 +0100
@@ -0,0 +1,14 @@
+/* $NetBSD$ */
+
+#include <string.h>
+
+#if !defined(_KERNEL)
+#define explicit_bzero __explicit_bzero
+#endif
+
+void
+explicit_bzero(void *p, size_t l)
+{
+
+       memset(p, 0, l);
+}
diff -r 2aacac6262cc -r 3417b12dcb66 include/string.h
--- a/include/string.h  Tue Nov 29 18:12:59 2011 +0100
+++ b/include/string.h  Tue Nov 29 20:32:08 2011 +0100
@@ -107,6 +107,7 @@
 char   *stresep(char **, const char *, int);
 char   *strndup(const char *, size_t);
 void   *memrchr(const void *, int, size_t);
+void   __explicit_bzero(void *, size_t);
 #endif
 __END_DECLS
 
diff -r 2aacac6262cc -r 3417b12dcb66 lib/libc/string/Makefile.inc
--- a/lib/libc/string/Makefile.inc      Tue Nov 29 18:12:59 2011 +0100
+++ b/lib/libc/string/Makefile.inc      Tue Nov 29 20:32:08 2011 +0100
@@ -19,6 +19,7 @@
 SRCS+= strcat.c strcmp.c strcpy.c strcspn.c strlen.c
 SRCS+= strncat.c strncmp.c strncpy.c strpbrk.c strsep.c
 SRCS+= strspn.c strstr.c swab.c
+SRCS+= explicit_bzero.c
 
 SRCS+= memccpy.c memcpy.c memmem.c memmove.c
 SRCS+= strchr.c strrchr.c
diff -r 2aacac6262cc -r 3417b12dcb66 lib/libcrypt/bcrypt.c
--- a/lib/libcrypt/bcrypt.c     Tue Nov 29 18:12:59 2011 +0100
+++ b/lib/libcrypt/bcrypt.c     Tue Nov 29 20:32:08 2011 +0100
@@ -313,7 +313,7 @@
        encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT);
        encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext,
            4 * BCRYPT_BLOCKS - 1);
-       memset(&state, 0, sizeof(state));
+       __explicit_bzero(&state, sizeof(state));
        return encrypted;
 }
 
diff -r 2aacac6262cc -r 3417b12dcb66 lib/libcrypt/crypt-sha1.c
--- a/lib/libcrypt/crypt-sha1.c Tue Nov 29 18:12:59 2011 +0100
+++ b/lib/libcrypt/crypt-sha1.c Tue Nov 29 20:32:08 2011 +0100
@@ -190,7 +190,7 @@
     *ep = '\0';
 
     /* Don't leave anything around in vm they could use. */
-    memset(hmac_buf, 0, sizeof hmac_buf);
+    __explicit_bzero(hmac_buf, sizeof hmac_buf);
 
     return passwd;
 }      
diff -r 2aacac6262cc -r 3417b12dcb66 lib/libcrypt/md5crypt.c
--- a/lib/libcrypt/md5crypt.c   Tue Nov 29 18:12:59 2011 +0100
+++ b/lib/libcrypt/md5crypt.c   Tue Nov 29 20:32:08 2011 +0100
@@ -143,6 +143,6 @@
        *p = '\0';
 
        /* Don't leave anything around in vm they could use. */
-       memset(final, 0, sizeof(final));
+       __explicit_bzero(final, sizeof(final));
        return (passwd);
 }