dholland-sourcechan...@netbsd.org said: > You also want to take steps to make sure that the zeroed cache line is > flushed out.
This would be good, but it is a bit hard on x86 from userland because wbinvd is a privileged instruction. It would need a system call. Anyway, here is a first cut of an "explicit_bzero" function which doesn't get optimized away. I've put it in src/common because the same thing makes sense in the kernel too. Comments? best regards Matthias ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDirig Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------
# HG changeset patch
# Parent 2aacac6262cc9007f8dfb28f30add312d2a8168c
diff -r 2aacac6262cc -r 3417b12dcb66 common/lib/libc/string/explicit_bzero.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/common/lib/libc/string/explicit_bzero.c Tue Nov 29 20:32:08 2011 +0100
@@ -0,0 +1,14 @@
+/* $NetBSD$ */
+
+#include <string.h>
+
+#if !defined(_KERNEL)
+#define explicit_bzero __explicit_bzero
+#endif
+
+void
+explicit_bzero(void *p, size_t l)
+{
+
+ memset(p, 0, l);
+}
diff -r 2aacac6262cc -r 3417b12dcb66 include/string.h
--- a/include/string.h Tue Nov 29 18:12:59 2011 +0100
+++ b/include/string.h Tue Nov 29 20:32:08 2011 +0100
@@ -107,6 +107,7 @@
 char *stresep(char **, const char *, int);
 char *strndup(const char *, size_t);
 void *memrchr(const void *, int, size_t);
+void __explicit_bzero(void *, size_t);
 #endif
 __END_DECLS
diff -r 2aacac6262cc -r 3417b12dcb66 lib/libc/string/Makefile.inc
--- a/lib/libc/string/Makefile.inc Tue Nov 29 18:12:59 2011 +0100
+++ b/lib/libc/string/Makefile.inc Tue Nov 29 20:32:08 2011 +0100
@@ -19,6 +19,7 @@
 SRCS+= strcat.c strcmp.c strcpy.c strcspn.c strlen.c
 SRCS+= strncat.c strncmp.c strncpy.c strpbrk.c strsep.c
 SRCS+= strspn.c strstr.c swab.c
+SRCS+= explicit_bzero.c
 SRCS+= memccpy.c memcpy.c memmem.c memmove.c
 SRCS+= strchr.c strrchr.c
diff -r 2aacac6262cc -r 3417b12dcb66 lib/libcrypt/bcrypt.c
--- a/lib/libcrypt/bcrypt.c Tue Nov 29 18:12:59 2011 +0100
+++ b/lib/libcrypt/bcrypt.c Tue Nov 29 20:32:08 2011 +0100
@@ -313,7 +313,7 @@
 encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT);
 encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext, 4 * BCRYPT_BLOCKS - 1);
- memset(&state, 0, sizeof(state));
+ __explicit_bzero(&state, sizeof(state));
 return encrypted;
 }
diff -r 2aacac6262cc -r 3417b12dcb66 lib/libcrypt/crypt-sha1.c
--- a/lib/libcrypt/crypt-sha1.c Tue Nov 29 18:12:59 2011 +0100
+++ b/lib/libcrypt/crypt-sha1.c Tue Nov 29 20:32:08 2011 +0100
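Review bot: Nothing in explicit_bzero() itself stops the store from being elided: the body in explicit_bzero.c is a plain `memset(p, 0, l);`, so the guarantee rests only on the function living in its own translation unit, which link-time or whole-program optimisation can see through. A more robust form calls memset through a volatile pointer, e.g. `static void *(*volatile memset_impl)(void *, int, size_t) = memset;` followed by `(*memset_impl)(p, 0, l);`. The file also has no comment saying why it exists; a header such as `/* Zero memory that held secrets; this call must not be optimised away. */` would keep a later cleanup from folding it back into memset. The libcrypt callers changed in this patch (bcrypt.c, crypt-sha1.c, md5crypt.c) all depend on this property.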
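Review bot: The prototype added to include/string.h covers only the userland alias `__explicit_bzero`, while explicit_bzero.c sits under common/ and keeps the name `explicit_bzero` when `_KERNEL` is defined. No kernel-side declaration or build entry appears in the part of the patch shown, and the new file includes `<string.h>` unconditionally, which presumably would not resolve in a kernel build; guarding that include on `_KERNEL` and adding the kernel prototype would be needed before kernel code can use it. It is also worth deciding whether libcrypt should call a reserved-namespace symbol directly, since that makes `__explicit_bzero` part of the interface libc exports to other libraries.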
@@ -190,7 +190,7 @@
 *ep = '\0';
 /* Don't leave anything around in vm they could use. */
- memset(hmac_buf, 0, sizeof hmac_buf);
+ __explicit_bzero(hmac_buf, sizeof hmac_buf);
 return passwd;
 }
diff -r 2aacac6262cc -r 3417b12dcb66 lib/libcrypt/md5crypt.c
--- a/lib/libcrypt/md5crypt.c Tue Nov 29 18:12:59 2011 +0100
+++ b/lib/libcrypt/md5crypt.c Tue Nov 29 20:32:08 2011 +0100
@@ -143,6 +143,6 @@
 *p = '\0';
 /* Don't leave anything around in vm they could use. */
- memset(final, 0, sizeof(final));
+ __explicit_bzero(final, sizeof(final));
 return (passwd);
 }