- (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()

using memset_s() where possible; improve fallback to indirect bzero via a volatile pointer to give it more of a chance to avoid being optimised away.
author: Damien Miller <djm@mindrot.org> 2014-08-27 06:32:01 +1000
committer: Damien Miller <djm@mindrot.org> 2014-08-27 06:32:01 +1000
commit: 3d673d103bad35afaec6e7ef73e5277216ce33a3 (patch)
tree: 646afea264f1f91573e590f1ae5818cfb7f7b296
parent: 146218ac11a1eb0dcade6f793d7acdef163b5ddc (diff)
3 files changed, 30 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 378b3881c..7ec09babc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,10 @@
   on !ECC OpenSSL systems
 - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth
   monitor, not preauth; bz#2263
+ - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()
+   using memset_s() where possible; improve fallback to indirect bzero
+   via a volatile pointer to give it more of a chance to avoid being
+   optimised away.
 20140825
 - (djm) [bufec.c] Skip this file on !ECC OpenSSL
diff --git a/configure.ac b/configure.ac
index d5b4377b9..67c4486e7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.582 2014/08/23 07:06:49 djm Exp $
+# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-AC_REVISION($Revision: 1.582 $)
+AC_REVISION($Revision: 1.583 $)
 AC_CONFIG_SRCDIR([ssh.c])
 AC_LANG([C])
@@ -1618,6 +1618,7 @@ AC_CHECK_FUNCS([ \
        mblen \
        md5_crypt \
        memmove \
+        memset_s \
        mkdtemp \
        mmap \
        ngetaddrinfo \
diff --git a/openbsd-compat/explicit_bzero.c b/openbsd-compat/explicit_bzero.c
index b106741e5..3c85a4843 100644
--- a/openbsd-compat/explicit_bzero.c
+++ b/openbsd-compat/explicit_bzero.c
@@ -7,14 +7,34 @@
 #include "includes.h"
+/*
+ * explicit_bzero - don't let the compiler optimize away bzero
+ */
 #ifndef HAVE_EXPLICIT_BZERO
+#ifdef HAVE_MEMSET_S
+void
+explicit_bzero(void *p, size_t n)
+{
+        (void)memset_s(p, n, 0, n);
+}
+#else /* HAVE_MEMSET_S */
 /*
- * explicit_bzero - don't let the compiler optimize away bzero
+ * Indirect bzero through a volatile pointer to hopefully avoid
+ * dead-store optimisation eliminating the call.
 */
+static void (* volatile ssh_bzero)(void *, size_t) = bzero;
 void
 explicit_bzero(void *p, size_t n)
 {
-        bzero(p, n);
+        ssh_bzero(p, n);
 }
-#endif
+#endif /* HAVE_MEMSET_S */
+#endif /* HAVE_EXPLICIT_BZERO */
author	Damien Miller <djm@mindrot.org>	2014-08-27 06:32:01 +1000
committer	Damien Miller <djm@mindrot.org>	2014-08-27 06:32:01 +1000
commit	3d673d103bad35afaec6e7ef73e5277216ce33a3 (patch)
tree	646afea264f1f91573e590f1ae5818cfb7f7b296
parent	146218ac11a1eb0dcade6f793d7acdef163b5ddc (diff)

diff --git a/ChangeLog b/ChangeLog index 378b3881c..7ec09babc 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -8,6 +8,10 @@
8	on !ECC OpenSSL systems	8	on !ECC OpenSSL systems
9	- (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth	9	- (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth
10	monitor, not preauth; bz#2263	10	monitor, not preauth; bz#2263
		11	- (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()
		12	using memset_s() where possible; improve fallback to indirect bzero
		13	via a volatile pointer to give it more of a chance to avoid being
		14	optimised away.
11		15
12	20140825	16	20140825
13	- (djm) [bufec.c] Skip this file on !ECC OpenSSL	17	- (djm) [bufec.c] Skip this file on !ECC OpenSSL


diff --git a/configure.ac b/configure.ac index d5b4377b9..67c4486e7 100644 --- a/configure.ac +++ b/configure.ac
@@ -1,4 +1,4 @@
1	# $Id: configure.ac,v 1.582 2014/08/23 07:06:49 djm Exp $	1	# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $
2	#	2	#
3	# Copyright (c) 1999-2004 Damien Miller	3	# Copyright (c) 1999-2004 Damien Miller
4	#	4	#
@@ -15,7 +15,7 @@
15	# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16		16
17	AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])	17	AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
18	AC_REVISION($Revision: 1.582 $)	18	AC_REVISION($Revision: 1.583 $)
19	AC_CONFIG_SRCDIR([ssh.c])	19	AC_CONFIG_SRCDIR([ssh.c])
20	AC_LANG([C])	20	AC_LANG([C])
21		21
@@ -1618,6 +1618,7 @@ AC_CHECK_FUNCS([ \
1618	mblen \	1618	mblen \
1619	md5_crypt \	1619	md5_crypt \
1620	memmove \	1620	memmove \
		1621	memset_s \
1621	mkdtemp \	1622	mkdtemp \
1622	mmap \	1623	mmap \
1623	ngetaddrinfo \	1624	ngetaddrinfo \


diff --git a/openbsd-compat/explicit_bzero.c b/openbsd-compat/explicit_bzero.c index b106741e5..3c85a4843 100644 --- a/openbsd-compat/explicit_bzero.c +++ b/openbsd-compat/explicit_bzero.c
@@ -7,14 +7,34 @@
7		7
8	#include "includes.h"	8	#include "includes.h"
9		9
		10	/*
		11	* explicit_bzero - don't let the compiler optimize away bzero
		12	*/
		13
10	#ifndef HAVE_EXPLICIT_BZERO	14	#ifndef HAVE_EXPLICIT_BZERO
11		15
		16	#ifdef HAVE_MEMSET_S
		17
		18	void
		19	explicit_bzero(void *p, size_t n)
		20	{
		21	(void)memset_s(p, n, 0, n);
		22	}
		23
		24	#else /* HAVE_MEMSET_S */
		25
12	/*	26	/*
13	* explicit_bzero - don't let the compiler optimize away bzero	27	* Indirect bzero through a volatile pointer to hopefully avoid
		28	* dead-store optimisation eliminating the call.
14	*/	29	*/
		30	static void (* volatile ssh_bzero)(void *, size_t) = bzero;
		31
15	void	32	void
16	explicit_bzero(void *p, size_t n)	33	explicit_bzero(void *p, size_t n)
17	{	34	{
18	bzero(p, n);	35	ssh_bzero(p, n);
19	}	36	}
20	#endif	37
		38	#endif /* HAVE_MEMSET_S */
		39
		40	#endif /* HAVE_EXPLICIT_BZERO */