Module Name: src
Committed By: riastradh
Date: Mon Jun 24 04:21:20 UTC 2013
Modified Files:
src/crypto/external/bsd/libsaslc/dist/src: dict.c
src/crypto/external/bsd/openssh/dist: dns.c
src/distrib/sets/lists/comp: mi
src/include: string.h
src/lib/libc/string: Makefile.inc memcmp.3 memset.3
src/lib/libcrypt: bcrypt.c crypt-sha1.c md5crypt.c
src/share/man/man9: rndsink.9
src/sys/dev: cgd_crypto.c
src/sys/kern: kern_rndsink.c subr_cprng.c
src/sys/lib/libkern: Makefile.libkern arc4random.c libkern.h
src/sys/netipsec: key.c xform_ah.c xform_esp.c
src/sys/opencrypto: cryptosoft.c
Added Files:
src/common/lib/libc/string: consttime_memequal.c explicit_memset.c
src/lib/libc/string: consttime_memequal.3 explicit_memset.3
Removed Files:
src/common/lib/libc/string: consttime_bcmp.c explicit_bzero.c
src/lib/libc/string: consttime_bcmp.3 explicit_bzero.3
Log Message:
Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
consttime_memequal is the same as the old consttime_bcmp.
explicit_memset is to memset as explicit_bzero was to bcmp.
Passes amd64 release and i386/ALL, but I'm sure I missed some spots,
so please let me know.
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r0 src/common/lib/libc/string/consttime_bcmp.c \
src/common/lib/libc/string/explicit_bzero.c
cvs rdiff -u -r0 -r1.1 src/common/lib/libc/string/consttime_memequal.c \
src/common/lib/libc/string/explicit_memset.c
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/libsaslc/dist/src/dict.c
cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssh/dist/dns.c
cvs rdiff -u -r1.1826 -r1.1827 src/distrib/sets/lists/comp/mi
cvs rdiff -u -r1.43 -r1.44 src/include/string.h
cvs rdiff -u -r1.77 -r1.78 src/lib/libc/string/Makefile.inc
cvs rdiff -u -r1.1 -r0 src/lib/libc/string/consttime_bcmp.3 \
src/lib/libc/string/explicit_bzero.3
cvs rdiff -u -r0 -r1.1 src/lib/libc/string/consttime_memequal.3 \
src/lib/libc/string/explicit_memset.3
cvs rdiff -u -r1.10 -r1.11 src/lib/libc/string/memcmp.3 \
src/lib/libc/string/memset.3
cvs rdiff -u -r1.17 -r1.18 src/lib/libcrypt/bcrypt.c
cvs rdiff -u -r1.5 -r1.6 src/lib/libcrypt/crypt-sha1.c
cvs rdiff -u -r1.12 -r1.13 src/lib/libcrypt/md5crypt.c
cvs rdiff -u -r1.1 -r1.2 src/share/man/man9/rndsink.9
cvs rdiff -u -r1.11 -r1.12 src/sys/dev/cgd_crypto.c
cvs rdiff -u -r1.1 -r1.2 src/sys/kern/kern_rndsink.c
cvs rdiff -u -r1.19 -r1.20 src/sys/kern/subr_cprng.c
cvs rdiff -u -r1.23 -r1.24 src/sys/lib/libkern/Makefile.libkern
cvs rdiff -u -r1.34 -r1.35 src/sys/lib/libkern/arc4random.c
cvs rdiff -u -r1.106 -r1.107 src/sys/lib/libkern/libkern.h
cvs rdiff -u -r1.81 -r1.82 src/sys/netipsec/key.c
cvs rdiff -u -r1.39 -r1.40 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.42 -r1.43 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.41 -r1.42 src/sys/opencrypto/cryptosoft.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/libsaslc/dist/src/dict.c
diff -u src/crypto/external/bsd/libsaslc/dist/src/dict.c:1.7 src/crypto/external/bsd/libsaslc/dist/src/dict.c:1.8
--- src/crypto/external/bsd/libsaslc/dist/src/dict.c:1.7 Fri May 10 16:39:25 2013
+++ src/crypto/external/bsd/libsaslc/dist/src/dict.c Mon Jun 24 04:21:19 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: dict.c,v 1.7 2013/05/10 16:39:25 christos Exp $ */
+/* $NetBSD: dict.c,v 1.8 2013/06/24 04:21:19 riastradh Exp $ */
/* Copyright (c) 2010 The NetBSD Foundation, Inc.
* All rights reserved.
@@ -35,7 +35,7 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: dict.c,v 1.7 2013/05/10 16:39:25 christos Exp $");
+__RCSID("$NetBSD: dict.c,v 1.8 2013/06/24 04:21:19 riastradh Exp $");
#include <sys/queue.h>
@@ -136,7 +136,7 @@ saslc__dict_list_node_destroy(saslc__dic
free(node->key);
/* zero value, it may contain sensitive data */
- __explicit_bzero(node->value, node->value_len);
+ __explicit_memset(node->value, 0, node->value_len);
free(node->value);
LIST_REMOVE(node, nodes);
free(node);
Index: src/crypto/external/bsd/openssh/dist/dns.c
diff -u src/crypto/external/bsd/openssh/dist/dns.c:1.5 src/crypto/external/bsd/openssh/dist/dns.c:1.6
--- src/crypto/external/bsd/openssh/dist/dns.c:1.5 Wed Dec 12 17:42:39 2012
+++ src/crypto/external/bsd/openssh/dist/dns.c Mon Jun 24 04:21:19 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: dns.c,v 1.5 2012/12/12 17:42:39 christos Exp $ */
+/* $NetBSD: dns.c,v 1.6 2013/06/24 04:21:19 riastradh Exp $ */
/* $OpenBSD: dns.c,v 1.28 2012/05/23 03:28:28 djm Exp $ */
/*
@@ -27,7 +27,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: dns.c,v 1.5 2012/12/12 17:42:39 christos Exp $");
+__RCSID("$NetBSD: dns.c,v 1.6 2013/06/24 04:21:19 riastradh Exp $");
#include <sys/types.h>
#include <sys/socket.h>
@@ -278,7 +278,7 @@ verify_host_key_dns(const char *hostname
if (hostkey_algorithm == dnskey_algorithm &&
hostkey_digest_type == dnskey_digest_type) {
if (hostkey_digest_len == dnskey_digest_len &&
- __consttime_bcmp(hostkey_digest, dnskey_digest,
+ __consttime_memequal(hostkey_digest, dnskey_digest,
hostkey_digest_len) == 0)
*flags |= DNS_VERIFY_MATCH;
}
Index: src/distrib/sets/lists/comp/mi
diff -u src/distrib/sets/lists/comp/mi:1.1826 src/distrib/sets/lists/comp/mi:1.1827
--- src/distrib/sets/lists/comp/mi:1.1826 Mon Jun 24 01:12:08 2013
+++ src/distrib/sets/lists/comp/mi Mon Jun 24 04:21:19 2013
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.1826 2013/06/24 01:12:08 riastradh Exp $
+# $NetBSD: mi,v 1.1827 2013/06/24 04:21:19 riastradh Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@@ -5159,7 +5159,8 @@
./usr/share/man/cat3/conj.0 comp-c-catman complex,.cat
./usr/share/man/cat3/conjf.0 comp-c-catman complex,.cat
./usr/share/man/cat3/conjl.0 comp-c-catman complex,.cat
-./usr/share/man/cat3/consttime_bcmp.0 comp-c-catman .cat
+./usr/share/man/cat3/consttime_bcmp.0 comp-obsolete obsolete
+./usr/share/man/cat3/consttime_memcmp.0 comp-c-catman .cat
./usr/share/man/cat3/copysign.0 comp-c-catman .cat
./usr/share/man/cat3/copysignf.0 comp-c-catman .cat
./usr/share/man/cat3/copysignl.0 comp-c-catman .cat
@@ -5558,7 +5559,8 @@
./usr/share/man/cat3/exp2.0 comp-c-catman .cat
./usr/share/man/cat3/exp2f.0 comp-c-catman .cat
./usr/share/man/cat3/expf.0 comp-c-catman .cat
-./usr/share/man/cat3/explicit_bzero.0 comp-c-catman .cat
+./usr/share/man/cat3/explicit_bzero.0 comp-obsolete obsolete
+./usr/share/man/cat3/explicit_memset.0 comp-c-catman .cat
./usr/share/man/cat3/expm1.0 comp-c-catman .cat
./usr/share/man/cat3/expm1f.0 comp-c-catman .cat
./usr/share/man/cat3/extattr.0 comp-obsolete obsolete
@@ -11702,7 +11704,8 @@
./usr/share/man/html3/conj.html comp-c-htmlman complex,html
./usr/share/man/html3/conjf.html comp-c-htmlman complex,html
./usr/share/man/html3/conjl.html comp-c-htmlman complex,html
-./usr/share/man/html3/consttime_bcmp.html comp-c-htmlman html
+./usr/share/man/html3/consttime_bcmp.html comp-obsolete obsolete
+./usr/share/man/html3/consttime_memequal.html comp-c-htmlman html
./usr/share/man/html3/copysign.html comp-c-htmlman html
./usr/share/man/html3/copysignf.html comp-c-htmlman html
./usr/share/man/html3/copysignl.html comp-c-htmlman html
@@ -12099,7 +12102,8 @@
./usr/share/man/html3/exp2.html comp-c-htmlman html
./usr/share/man/html3/exp2f.html comp-c-htmlman html
./usr/share/man/html3/expf.html comp-c-htmlman html
-./usr/share/man/html3/explicit_bzero.html comp-c-htmlman html
+./usr/share/man/html3/explicit_bzero.html comp-obsolete obsolete
+./usr/share/man/html3/explicit_memset.html comp-c-htmlman html
./usr/share/man/html3/expm1.html comp-c-htmlman html
./usr/share/man/html3/expm1f.html comp-c-htmlman html
./usr/share/man/html3/extattr.html comp-obsolete obsolete
@@ -18153,7 +18157,8 @@
./usr/share/man/man3/conj.3 comp-c-man complex,.man
./usr/share/man/man3/conjf.3 comp-c-man complex,.man
./usr/share/man/man3/conjl.3 comp-c-man complex,.man
-./usr/share/man/man3/consttime_bcmp.3 comp-c-man .man
+./usr/share/man/man3/consttime_bcmp.3 comp-obsolete obsolete
+./usr/share/man/man3/consttime_memequal.3 comp-c-man .man
./usr/share/man/man3/copysign.3 comp-c-man .man
./usr/share/man/man3/copysignf.3 comp-c-man .man
./usr/share/man/man3/copysignl.3 comp-c-man .man
@@ -18552,7 +18557,8 @@
./usr/share/man/man3/exp2.3 comp-c-man .man
./usr/share/man/man3/exp2f.3 comp-c-man .man
./usr/share/man/man3/expf.3 comp-c-man .man
-./usr/share/man/man3/explicit_bzero.3 comp-c-man .man
+./usr/share/man/man3/explicit_bzero.3 comp-obsolete obsolete
+./usr/share/man/man3/explicit_memset.3 comp-c-man .man
./usr/share/man/man3/expm1.3 comp-c-man .man
./usr/share/man/man3/expm1f.3 comp-c-man .man
./usr/share/man/man3/extattr.3 comp-obsolete obsolete
Index: src/include/string.h
diff -u src/include/string.h:1.43 src/include/string.h:1.44
--- src/include/string.h:1.43 Sun Apr 21 18:41:32 2013
+++ src/include/string.h Mon Jun 24 04:21:20 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: string.h,v 1.43 2013/04/21 18:41:32 joerg Exp $ */
+/* $NetBSD: string.h,v 1.44 2013/06/24 04:21:20 riastradh Exp $ */
/*-
* Copyright (c) 1990, 1993
@@ -109,8 +109,8 @@ char *strsep(char **, const char *);
char *stresep(char **, const char *, int);
char *strndup(const char *, size_t);
void *memrchr(const void *, int, size_t);
-void __explicit_bzero(void *, size_t);
-int __consttime_bcmp(const void *, const void *, size_t);
+void __explicit_memset(void *, int, size_t);
+int __consttime_memequal(const void *, const void *, size_t);
__END_DECLS
#endif
Index: src/lib/libc/string/Makefile.inc
diff -u src/lib/libc/string/Makefile.inc:1.77 src/lib/libc/string/Makefile.inc:1.78
--- src/lib/libc/string/Makefile.inc:1.77 Mon Jun 24 01:12:08 2013
+++ src/lib/libc/string/Makefile.inc Mon Jun 24 04:21:20 2013
@@ -1,5 +1,5 @@
# from: @(#)Makefile.inc 8.1 (Berkeley) 6/4/93
-# $NetBSD: Makefile.inc,v 1.77 2013/06/24 01:12:08 riastradh Exp $
+# $NetBSD: Makefile.inc,v 1.78 2013/06/24 04:21:20 riastradh Exp $
# string sources
.PATH: ${ARCHDIR}/string ${.CURDIR}/string
@@ -19,7 +19,7 @@ SRCS+= bcmp.c bcopy.c bzero.c ffs.c memc
SRCS+= strcat.c strcmp.c strcpy.c strcspn.c strlen.c
SRCS+= strncat.c strncmp.c strncpy.c strpbrk.c strsep.c
SRCS+= strspn.c strstr.c swab.c
-SRCS+= explicit_bzero.c consttime_bcmp.c
+SRCS+= explicit_memset.c consttime_memequal.c
SRCS+= memccpy.c memcpy.c memmem.c memmove.c
SRCS+= strchr.c strrchr.c
@@ -39,8 +39,8 @@ SRCS+= _strlcat.c _strlcpy.c _strerror_r
.include "${ARCHDIR}/string/Makefile.inc"
-MAN+= bm.3 bcmp.3 bcopy.3 bstring.3 bzero.3 consttime_bcmp.3 \
- explicit_bzero.3 ffs.3 index.3 \
+MAN+= bm.3 bcmp.3 bcopy.3 bstring.3 bzero.3 consttime_memequal.3 \
+ explicit_memset.3 ffs.3 index.3 \
memccpy.3 memchr.3 memcmp.3 memcpy.3 memmem.3 memmove.3 memset.3 \
popcount.3 \
rindex.3 strcasecmp.3 strcat.3 strchr.3 strcmp.3 strcoll.3 \
Index: src/lib/libc/string/memcmp.3
diff -u src/lib/libc/string/memcmp.3:1.10 src/lib/libc/string/memcmp.3:1.11
--- src/lib/libc/string/memcmp.3:1.10 Sun Jun 23 16:44:06 2013
+++ src/lib/libc/string/memcmp.3 Mon Jun 24 04:21:20 2013
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" from: @(#)memcmp.3 8.1 (Berkeley) 6/4/93
-.\" $NetBSD: memcmp.3,v 1.10 2013/06/23 16:44:06 riastradh Exp $
+.\" $NetBSD: memcmp.3,v 1.11 2013/06/24 04:21:20 riastradh Exp $
.\"
.Dd June 23, 2013
.Dt MEMCMP 3
@@ -74,11 +74,11 @@ to compare cryptographic secrets, becaus
depending on how many bytes are the same, and thus leaks information
about the two strings by a timing side channel.
To compare secrets, hashes, message authentication codes, etc., use
-.Xr consttime_bcmp 3
+.Xr consttime_memequal 3
instead.
.Sh SEE ALSO
.Xr bcmp 3 ,
-.Xr consttime_bcmp 3 ,
+.Xr consttime_memequal 3 ,
.Xr strcasecmp 3 ,
.Xr strcmp 3 ,
.Xr strcoll 3 ,
Index: src/lib/libc/string/memset.3
diff -u src/lib/libc/string/memset.3:1.10 src/lib/libc/string/memset.3:1.11
--- src/lib/libc/string/memset.3:1.10 Sun Jun 23 16:44:06 2013
+++ src/lib/libc/string/memset.3 Mon Jun 24 04:21:20 2013
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" from: @(#)memset.3 8.1 (Berkeley) 6/4/93
-.\" $NetBSD: memset.3,v 1.10 2013/06/23 16:44:06 riastradh Exp $
+.\" $NetBSD: memset.3,v 1.11 2013/06/24 04:21:20 riastradh Exp $
.\"
.Dd June 23, 2013
.Dt MEMSET 3
@@ -67,10 +67,10 @@ if it can prove that the string will not
for example if it is allocated on the stack and about to out of scope.
If you want to guarantee that zeros are written to memory, for example
to sanitize a buffer holding a cryptographic secret, use
-.Xr explicit_bzero .
+.Xr explicit_memset .
.Sh SEE ALSO
.Xr bzero 3 ,
-.Xr explicit_bzero 3 ,
+.Xr explicit_memset 3 ,
.Xr swab 3
.Sh STANDARDS
The
Index: src/lib/libcrypt/bcrypt.c
diff -u src/lib/libcrypt/bcrypt.c:1.17 src/lib/libcrypt/bcrypt.c:1.18
--- src/lib/libcrypt/bcrypt.c:1.17 Thu Aug 30 12:16:49 2012
+++ src/lib/libcrypt/bcrypt.c Mon Jun 24 04:21:20 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: bcrypt.c,v 1.17 2012/08/30 12:16:49 drochner Exp $ */
+/* $NetBSD: bcrypt.c,v 1.18 2013/06/24 04:21:20 riastradh Exp $ */
/* $OpenBSD: bcrypt.c,v 1.16 2002/02/19 19:39:36 millert Exp $ */
/*
@@ -46,7 +46,7 @@
*
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: bcrypt.c,v 1.17 2012/08/30 12:16:49 drochner Exp $");
+__RCSID("$NetBSD: bcrypt.c,v 1.18 2013/06/24 04:21:20 riastradh Exp $");
#include <stdio.h>
#include <stdlib.h>
@@ -314,7 +314,7 @@ __bcrypt(const char *key, const char *sa
encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT);
encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext,
4 * BCRYPT_BLOCKS - 1);
- __explicit_bzero(&state, sizeof(state));
+ __explicit_memset(&state, 0, sizeof(state));
return encrypted;
}
Index: src/lib/libcrypt/crypt-sha1.c
diff -u src/lib/libcrypt/crypt-sha1.c:1.5 src/lib/libcrypt/crypt-sha1.c:1.6
--- src/lib/libcrypt/crypt-sha1.c:1.5 Thu Aug 30 12:16:49 2012
+++ src/lib/libcrypt/crypt-sha1.c Mon Jun 24 04:21:20 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: crypt-sha1.c,v 1.5 2012/08/30 12:16:49 drochner Exp $ */
+/* $NetBSD: crypt-sha1.c,v 1.6 2013/06/24 04:21:20 riastradh Exp $ */
/*
* Copyright (c) 2004, Juniper Networks, Inc.
@@ -31,7 +31,7 @@
#include <sys/cdefs.h>
#if !defined(lint)
-__RCSID("$NetBSD: crypt-sha1.c,v 1.5 2012/08/30 12:16:49 drochner Exp $");
+__RCSID("$NetBSD: crypt-sha1.c,v 1.6 2013/06/24 04:21:20 riastradh Exp $");
#endif /* not lint */
#include <stdlib.h>
@@ -190,7 +190,7 @@ __crypt_sha1 (const char *pw, const char
*ep = '\0';
/* Don't leave anything around in vm they could use. */
- __explicit_bzero(hmac_buf, sizeof hmac_buf);
+ __explicit_memset(hmac_buf, 0, sizeof hmac_buf);
return passwd;
}
Index: src/lib/libcrypt/md5crypt.c
diff -u src/lib/libcrypt/md5crypt.c:1.12 src/lib/libcrypt/md5crypt.c:1.13
--- src/lib/libcrypt/md5crypt.c:1.12 Thu Aug 30 12:16:49 2012
+++ src/lib/libcrypt/md5crypt.c Mon Jun 24 04:21:20 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: md5crypt.c,v 1.12 2012/08/30 12:16:49 drochner Exp $ */
+/* $NetBSD: md5crypt.c,v 1.13 2013/06/24 04:21:20 riastradh Exp $ */
/*
* ----------------------------------------------------------------------------
@@ -15,7 +15,7 @@
#include <sys/cdefs.h>
#if !defined(lint)
-__RCSID("$NetBSD: md5crypt.c,v 1.12 2012/08/30 12:16:49 drochner Exp $");
+__RCSID("$NetBSD: md5crypt.c,v 1.13 2013/06/24 04:21:20 riastradh Exp $");
#endif /* not lint */
#include <unistd.h>
@@ -143,6 +143,6 @@ __md5crypt(const char *pw, const char *s
*p = '\0';
/* Don't leave anything around in vm they could use. */
- __explicit_bzero(final, sizeof(final));
+ __explicit_memset(final, 0, sizeof(final));
return (passwd);
}
Index: src/share/man/man9/rndsink.9
diff -u src/share/man/man9/rndsink.9:1.1 src/share/man/man9/rndsink.9:1.2
--- src/share/man/man9/rndsink.9:1.1 Sun Jun 23 02:35:23 2013
+++ src/share/man/man9/rndsink.9 Mon Jun 24 04:21:20 2013
@@ -1,4 +1,4 @@
-.\" $NetBSD: rndsink.9,v 1.1 2013/06/23 02:35:23 riastradh Exp $
+.\" $NetBSD: rndsink.9,v 1.2 2013/06/24 04:21:20 riastradh Exp $
.\"
.\" Copyright (c) 2013 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -122,7 +122,7 @@ May be called at
.Dv IPL_VM
or lower.
The caller should use
-.Xr explicit_bzero 3
+.Xr explicit_memset 3
to clear
.Fa buffer
once it has used the data stored there.
@@ -139,7 +139,7 @@ The rndsink API is implemented in
and
.Pa sys/sys/rndsink.h .
.Sh SEE ALSO
-.Xr explicit_bzero 3 ,
+.Xr explicit_memset 3 ,
.Xr cprng 9 ,
.Xr rnd 9
.Sh HISTORY
Index: src/sys/dev/cgd_crypto.c
diff -u src/sys/dev/cgd_crypto.c:1.11 src/sys/dev/cgd_crypto.c:1.12
--- src/sys/dev/cgd_crypto.c:1.11 Wed Dec 5 02:23:20 2012
+++ src/sys/dev/cgd_crypto.c Mon Jun 24 04:21:20 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: cgd_crypto.c,v 1.11 2012/12/05 02:23:20 christos Exp $ */
+/* $NetBSD: cgd_crypto.c,v 1.12 2013/06/24 04:21:20 riastradh Exp $ */
/*-
* Copyright (c) 2002 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cgd_crypto.c,v 1.11 2012/12/05 02:23:20 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cgd_crypto.c,v 1.12 2013/06/24 04:21:20 riastradh Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -210,7 +210,7 @@ cgd_cipher_aes_destroy(void *data)
{
struct aes_privdata *apd = data;
- explicit_bzero(apd, sizeof(*apd));
+ explicit_memset(apd, 0, sizeof(*apd));
free(apd, M_DEVBUF);
}
@@ -296,7 +296,7 @@ cgd_cipher_3des_init(size_t keylen, cons
error |= des_key_sched(block + 1, cp->cp_key2);
error |= des_key_sched(block + 2, cp->cp_key3);
if (error) {
- explicit_bzero(cp, sizeof(*cp));
+ explicit_memset(cp, 0, sizeof(*cp));
free(cp, M_DEVBUF);
return NULL;
}
@@ -308,7 +308,7 @@ cgd_cipher_3des_destroy(void *data)
{
struct c3des_privdata *cp = data;
- explicit_bzero(cp, sizeof(*cp));
+ explicit_memset(cp, 0, sizeof(*cp));
free(cp, M_DEVBUF);
}
@@ -393,7 +393,7 @@ cgd_cipher_bf_destroy(void *data)
{
struct bf_privdata *bp = data;
- explicit_bzero(bp, sizeof(*bp));
+ explicit_memset(bp, 0, sizeof(*bp));
free(bp, M_DEVBUF);
}
Index: src/sys/kern/kern_rndsink.c
diff -u src/sys/kern/kern_rndsink.c:1.1 src/sys/kern/kern_rndsink.c:1.2
--- src/sys/kern/kern_rndsink.c:1.1 Sun Jun 23 02:35:24 2013
+++ src/sys/kern/kern_rndsink.c Mon Jun 24 04:21:20 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_rndsink.c,v 1.1 2013/06/23 02:35:24 riastradh Exp $ */
+/* $NetBSD: kern_rndsink.c,v 1.2 2013/06/24 04:21:20 riastradh Exp $ */
/*-
* Copyright (c) 2013 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_rndsink.c,v 1.1 2013/06/23 02:35:24 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_rndsink.c,v 1.2 2013/06/24 04:21:20 riastradh Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -156,7 +156,7 @@ rndsinks_distribute(void)
uint8_t buffer[RNDSINK_MAX_BYTES];
struct rndsink *rndsink;
- explicit_bzero(buffer, sizeof(buffer)); /* paranoia */
+ explicit_memset(buffer, 0, sizeof(buffer)); /* paranoia */
mutex_spin_enter(&rndsinks_lock);
while ((rndsink = TAILQ_FIRST(&rndsinks)) != NULL) {
@@ -178,7 +178,7 @@ rndsinks_distribute(void)
(*rndsink->rsink_callback)(rndsink->rsink_arg, buffer,
rndsink->rsink_bytes);
- explicit_bzero(buffer, rndsink->rsink_bytes);
+ explicit_memset(buffer, 0, rndsink->rsink_bytes);
mutex_spin_enter(&rndsinks_lock);
@@ -199,7 +199,7 @@ rndsinks_distribute(void)
}
mutex_spin_exit(&rndsinks_lock);
- explicit_bzero(buffer, sizeof(buffer)); /* paranoia */
+ explicit_memset(buffer, 0, sizeof(buffer)); /* paranoia */
}
static void
Index: src/sys/kern/subr_cprng.c
diff -u src/sys/kern/subr_cprng.c:1.19 src/sys/kern/subr_cprng.c:1.20
--- src/sys/kern/subr_cprng.c:1.19 Mon Jun 24 00:56:21 2013
+++ src/sys/kern/subr_cprng.c Mon Jun 24 04:21:20 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: subr_cprng.c,v 1.19 2013/06/24 00:56:21 riastradh Exp $ */
+/* $NetBSD: subr_cprng.c,v 1.20 2013/06/24 04:21:20 riastradh Exp $ */
/*-
* Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.19 2013/06/24 00:56:21 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.20 2013/06/24 04:21:20 riastradh Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -132,7 +132,7 @@ cprng_strong_create(const char *name, in
/* XXX Fix nist_ctr_drbg API so this can't happen. */
panic("cprng %s: NIST CTR_DRBG instantiation failed",
cprng->cs_name);
- explicit_bzero(seed, sizeof(seed));
+ explicit_memset(seed, 0, sizeof(seed));
if (!cprng->cs_ready && !ISSET(flags, CPRNG_INIT_ANY))
printf("cprng %s: creating with partial entropy\n",
@@ -160,7 +160,7 @@ cprng_strong_destroy(struct cprng_strong
cv_destroy(&cprng->cs_cv);
mutex_destroy(&cprng->cs_lock);
- explicit_bzero(cprng, sizeof(*cprng)); /* paranoia */
+ explicit_memset(cprng, 0, sizeof(*cprng)); /* paranoia */
kmem_free(cprng, sizeof(*cprng));
}
@@ -366,7 +366,7 @@ cprng_strong_reseed(struct cprng_strong
const bool full_entropy = rndsink_request(cprng->cs_rndsink, seed,
sizeof(seed));
cprng_strong_reseed_from(cprng, seed, sizeof(seed), full_entropy);
- explicit_bzero(seed, sizeof(seed));
+ explicit_memset(seed, 0, sizeof(seed));
}
/*
@@ -446,7 +446,7 @@ cprng_strong_rngtest(struct cprng_strong
rndsink_schedule(cprng->cs_rndsink);
}
- explicit_bzero(rt, sizeof(*rt)); /* paranoia */
+ explicit_memset(rt, 0, sizeof(*rt)); /* paranoia */
kmem_intr_free(rt, sizeof(*rt));
}
#endif
Index: src/sys/lib/libkern/Makefile.libkern
diff -u src/sys/lib/libkern/Makefile.libkern:1.23 src/sys/lib/libkern/Makefile.libkern:1.24
--- src/sys/lib/libkern/Makefile.libkern:1.23 Sun Mar 17 00:47:13 2013
+++ src/sys/lib/libkern/Makefile.libkern Mon Jun 24 04:21:20 2013
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.libkern,v 1.23 2013/03/17 00:47:13 christos Exp $
+# $NetBSD: Makefile.libkern,v 1.24 2013/06/24 04:21:20 riastradh Exp $
#
# Variable definitions for libkern.
@@ -96,7 +96,7 @@ SRCS+= xlat_mbr_fstype.c
SRCS+= heapsort.c ptree.c rb.c
# for crypto
-SRCS+= explicit_bzero.c consttime_bcmp.c
+SRCS+= explicit_memset.c consttime_memequal.c
# Files to clean up
CLEANFILES+= lib${LIB}.o lib${LIB}.po
Index: src/sys/lib/libkern/arc4random.c
diff -u src/sys/lib/libkern/arc4random.c:1.34 src/sys/lib/libkern/arc4random.c:1.35
--- src/sys/lib/libkern/arc4random.c:1.34 Sun Jun 23 02:38:22 2013
+++ src/sys/lib/libkern/arc4random.c Mon Jun 24 04:21:20 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: arc4random.c,v 1.34 2013/06/23 02:38:22 riastradh Exp $ */
+/* $NetBSD: arc4random.c,v 1.35 2013/06/24 04:21:20 riastradh Exp $ */
/*-
* Copyright (c) 2002, 2011 The NetBSD Foundation, Inc.
@@ -145,7 +145,7 @@ arc4_randrekey(void)
const bool full_entropy = rndsink_request(arc4_rndsink, seed,
sizeof(seed));
arc4_randrekey_from(seed, full_entropy);
- explicit_bzero(seed, sizeof(seed));
+ explicit_memset(seed, 0, sizeof(seed));
}
/*
@@ -171,7 +171,7 @@ arc4_randrekey_from(const uint8_t seed[A
}
arc4_i = arc4_j;
- explicit_bzero(key, sizeof(key));
+ explicit_memset(key, 0, sizeof(key));
/*
* Throw away the first N words of output, as suggested in the
Index: src/sys/lib/libkern/libkern.h
diff -u src/sys/lib/libkern/libkern.h:1.106 src/sys/lib/libkern/libkern.h:1.107
--- src/sys/lib/libkern/libkern.h:1.106 Thu Aug 30 12:16:49 2012
+++ src/sys/lib/libkern/libkern.h Mon Jun 24 04:21:20 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: libkern.h,v 1.106 2012/08/30 12:16:49 drochner Exp $ */
+/* $NetBSD: libkern.h,v 1.107 2013/06/24 04:21:20 riastradh Exp $ */
/*-
* Copyright (c) 1992, 1993
@@ -346,6 +346,6 @@ unsigned int popcountll(unsigned long lo
unsigned int popcount32(uint32_t) __constfunc;
unsigned int popcount64(uint64_t) __constfunc;
-void explicit_bzero(void *, size_t);
-int consttime_bcmp(const void *, const void *, size_t);
+void explicit_memset(void *, int, size_t);
+int consttime_memequal(const void *, const void *, size_t);
#endif /* !_LIB_LIBKERN_LIBKERN_H_ */
Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.81 src/sys/netipsec/key.c:1.82
--- src/sys/netipsec/key.c:1.81 Wed Jun 5 19:01:26 2013
+++ src/sys/netipsec/key.c Mon Jun 24 04:21:20 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.81 2013/06/05 19:01:26 christos Exp $ */
+/* $NetBSD: key.c,v 1.82 2013/06/24 04:21:20 riastradh Exp $ */
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.81 2013/06/05 19:01:26 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.82 2013/06/24 04:21:20 riastradh Exp $");
/*
* This code is referd to RFC 2367
@@ -3030,9 +3030,11 @@ key_delsav(struct secasvar *sav)
sav->tdb_xform = NULL;
} else {
if (sav->key_auth != NULL)
- explicit_bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
+ explicit_memset(_KEYBUF(sav->key_auth), 0,
+ _KEYLEN(sav->key_auth));
if (sav->key_enc != NULL)
- explicit_bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
+ explicit_memset(_KEYBUF(sav->key_enc), 0,
+ _KEYLEN(sav->key_enc));
}
if (sav->key_auth != NULL) {
KFREE(sav->key_auth);
Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.39 src/sys/netipsec/xform_ah.c:1.40
--- src/sys/netipsec/xform_ah.c:1.39 Tue Jun 4 22:47:37 2013
+++ src/sys/netipsec/xform_ah.c Mon Jun 24 04:21:20 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ah.c,v 1.39 2013/06/04 22:47:37 christos Exp $ */
+/* $NetBSD: xform_ah.c,v 1.40 2013/06/24 04:21:20 riastradh Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
/*
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.39 2013/06/04 22:47:37 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.40 2013/06/24 04:21:20 riastradh Exp $");
#include "opt_inet.h"
#ifdef __FreeBSD__
@@ -910,7 +910,7 @@ ah_input_cb(struct cryptop *crp)
ptr = (char *) (tc + 1);
/* Verify authenticator. */
- if (consttime_bcmp(ptr + skip + rplen, calc, authsize)) {
+ if (consttime_memequal(ptr + skip + rplen, calc, authsize)) {
u_int8_t *pppp = ptr + skip+rplen;
DPRINTF(("ah_input: authentication hash mismatch " \
"over %d bytes " \
Index: src/sys/netipsec/xform_esp.c
diff -u src/sys/netipsec/xform_esp.c:1.42 src/sys/netipsec/xform_esp.c:1.43
--- src/sys/netipsec/xform_esp.c:1.42 Tue Jun 4 22:47:37 2013
+++ src/sys/netipsec/xform_esp.c Mon Jun 24 04:21:20 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_esp.c,v 1.42 2013/06/04 22:47:37 christos Exp $ */
+/* $NetBSD: xform_esp.c,v 1.43 2013/06/24 04:21:20 riastradh Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.42 2013/06/04 22:47:37 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.43 2013/06/24 04:21:20 riastradh Exp $");
#include "opt_inet.h"
#ifdef __FreeBSD__
@@ -593,7 +593,8 @@ esp_input_cb(struct cryptop *crp)
ptr = (tc + 1);
/* Verify authenticator */
- if (consttime_bcmp(ptr, aalg, esph->authsize) != 0) {
+ if (consttime_memequal(ptr, aalg, esph->authsize)
+ != 0) {
DPRINTF(("esp_input_cb: "
"authentication hash mismatch for packet in SA %s/%08lx\n",
ipsec_address(&saidx->dst),
Index: src/sys/opencrypto/cryptosoft.c
diff -u src/sys/opencrypto/cryptosoft.c:1.41 src/sys/opencrypto/cryptosoft.c:1.42
--- src/sys/opencrypto/cryptosoft.c:1.41 Sat Feb 2 21:38:24 2013
+++ src/sys/opencrypto/cryptosoft.c Mon Jun 24 04:21:20 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: cryptosoft.c,v 1.41 2013/02/02 21:38:24 christos Exp $ */
+/* $NetBSD: cryptosoft.c,v 1.42 2013/06/24 04:21:20 riastradh Exp $ */
/* $FreeBSD: src/sys/opencrypto/cryptosoft.c,v 1.2.2.1 2002/11/21 23:34:23 sam Exp $ */
/* $OpenBSD: cryptosoft.c,v 1.35 2002/04/26 08:43:50 deraadt Exp $ */
@@ -24,7 +24,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.41 2013/02/02 21:38:24 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.42 2013/06/24 04:21:20 riastradh Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -1090,11 +1090,11 @@ swcr_freesession(void *arg, u_int64_t ti
axf = swd->sw_axf;
if (swd->sw_ictx) {
- explicit_bzero(swd->sw_ictx, axf->ctxsize);
+ explicit_memset(swd->sw_ictx, 0, axf->ctxsize);
free(swd->sw_ictx, M_CRYPTO_DATA);
}
if (swd->sw_octx) {
- explicit_bzero(swd->sw_octx, axf->ctxsize);
+ explicit_memset(swd->sw_octx, 0, axf->ctxsize);
free(swd->sw_octx, M_CRYPTO_DATA);
}
break;
@@ -1104,11 +1104,11 @@ swcr_freesession(void *arg, u_int64_t ti
axf = swd->sw_axf;
if (swd->sw_ictx) {
- explicit_bzero(swd->sw_ictx, axf->ctxsize);
+ explicit_memset(swd->sw_ictx, 0, axf->ctxsize);
free(swd->sw_ictx, M_CRYPTO_DATA);
}
if (swd->sw_octx) {
- explicit_bzero(swd->sw_octx, swd->sw_klen);
+ explicit_memset(swd->sw_octx, 0, swd->sw_klen);
free(swd->sw_octx, M_CRYPTO_DATA);
}
break;
@@ -1122,7 +1122,7 @@ swcr_freesession(void *arg, u_int64_t ti
axf = swd->sw_axf;
if (swd->sw_ictx) {
- explicit_bzero(swd->sw_ictx, axf->ctxsize);
+ explicit_memset(swd->sw_ictx, 0, axf->ctxsize);
free(swd->sw_ictx, M_CRYPTO_DATA);
}
break;
Added files:
Index: src/common/lib/libc/string/consttime_memequal.c
diff -u /dev/null src/common/lib/libc/string/consttime_memequal.c:1.1
--- /dev/null Mon Jun 24 04:21:20 2013
+++ src/common/lib/libc/string/consttime_memequal.c Mon Jun 24 04:21:19 2013
@@ -0,0 +1,19 @@
+/* $NetBSD: consttime_memequal.c,v 1.1 2013/06/24 04:21:19 riastradh Exp $ */
+
+#if !defined(_KERNEL) && !defined(_STANDALONE)
+#include <string.h>
+#define consttime_memequal __consttime_memequal
+#else
+#include <lib/libkern/libkern.h>
+#endif
+
+int
+consttime_memequal(const void *b1, const void *b2, size_t len)
+{
+ const char *c1 = b1, *c2 = b2;
+ int res = 0;
+
+ while (len --)
+ res |= *c1++ ^ *c2++;
+ return res;
+}
Index: src/common/lib/libc/string/explicit_memset.c
diff -u /dev/null src/common/lib/libc/string/explicit_memset.c:1.1
--- /dev/null Mon Jun 24 04:21:20 2013
+++ src/common/lib/libc/string/explicit_memset.c Mon Jun 24 04:21:19 2013
@@ -0,0 +1,22 @@
+/* $NetBSD: explicit_memset.c,v 1.1 2013/06/24 04:21:19 riastradh Exp $ */
+
+#if !defined(_KERNEL) && !defined(_STANDALONE)
+#include <string.h>
+#define explicit_memset __explicit_memset
+#define explicit_memset_impl __explicit_memset_impl
+#else
+#include <lib/libkern/libkern.h>
+#endif
+
+/*
+ * The use of a volatile pointer guarantees that the compiler
+ * will not optimise the call away.
+ */
+void *(* volatile explicit_memset_impl)(void *, int, size_t) = memset;
+
+void
+explicit_memset(void *b, int c, size_t len)
+{
+
+ (*explicit_memset_impl)(b, c, len);
+}
Index: src/lib/libc/string/consttime_memequal.3
diff -u /dev/null src/lib/libc/string/consttime_memequal.3:1.1
--- /dev/null Mon Jun 24 04:21:20 2013
+++ src/lib/libc/string/consttime_memequal.3 Mon Jun 24 04:21:20 2013
@@ -0,0 +1,88 @@
+.\" $NetBSD: consttime_memequal.3,v 1.1 2013/06/24 04:21:20 riastradh Exp $
+.\"
+.\" Copyright (c) 2013 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This documentation is derived from text contributed to The NetBSD
+.\" Foundation by Taylor R. Campbell.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd June 23, 2013
+.Dt CONSTTIME_MEMEQUAL 3
+.Os
+.Sh NAME
+.Nm consttime_memequal
+.Nd compare byte strings for equality without timing leaks
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In string.h
+.Ft int
+.Fn consttime_memequal "void *b1" "void *b2" "size_t len"
+.Sh DESCRIPTION
+The
+.Fn consttime_memequal
+function compares
+.Fa len
+bytes of memory at
+.Fa b1
+and
+.Fa b2
+for equality, returning zero if they are identical and nonzero
+otherwise.
+.Pp
+The time taken by
+.Fn consttime_memequal
+depends on
+.Fa len ,
+but not on the data at
+.Fa b1
+or
+.Fa b2 .
+Thus,
+.Fn consttime_memequal
+is appropriate for comparing cryptographic secrets, hashes, message
+authentication codes, etc., without leaking information about them
+through a timing side channel.
+In crypto literature,
+.Fn consttime_memequal
+is said to take
+.Sq constant time ,
+meaning time that does not vary depending on the data it processes.
+.Pp
+Note that unlike
+.Xr memcmp 3 ,
+.Fn consttime_memequal
+does not return a lexicographic ordering on the data at
+.Fa b1
+and
+.Fa b2 ;
+it tells only whether they are equal.
+.Sh SEE ALSO
+.Xr explicit_memset 3 ,
+.Xr memcmp 3
+.Sh HISTORY
+The
+.Fn consttime_memequal
+function appeared in
+.Nx 7.0 .
Index: src/lib/libc/string/explicit_memset.3
diff -u /dev/null src/lib/libc/string/explicit_memset.3:1.1
--- /dev/null Mon Jun 24 04:21:20 2013
+++ src/lib/libc/string/explicit_memset.3 Mon Jun 24 04:21:20 2013
@@ -0,0 +1,77 @@
+.\" $NetBSD: explicit_memset.3,v 1.1 2013/06/24 04:21:20 riastradh Exp $
+.\"
+.\" Copyright (c) 2013 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This documentation is derived from text contributed to The NetBSD
+.\" Foundation by Taylor R. Campbell.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd June 23, 2013
+.Dt EXPLICIT_MEMSET 3
+.Os
+.Sh NAME
+.Nm explicit_memset
+.Nd guarantee writing a byte to a byte string
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In string.h
+.Ft void
+.Fn explicit_memset "void *b" "int c" "size_t len"
+.Sh DESCRIPTION
+The
+.Fn explicit_memset
+function writes
+.Fa len
+bytes of value
+.Fa c
+(converted to an unsigned char) to the string
+.Fa b .
+It is guaranteed not to be optimized away by the compiler even if
+.Fa b
+is no longer used and is about to be freed or go out of scope.
+.Sh EXAMPLES
+Create a buffer on the stack for a secret key, use it, and then zero it
+in memory before throwing it away.
+.Bd -literal -offset indent
+void
+f(void)
+{
+ uint8_t key[32];
+
+ crypto_random(key, sizeof(key));
+ do_crypto_stuff(key, sizeof(key));
+ \&...
+
+ explicit_memset(key, 0, sizeof(key));
+}
+.Ed
+.Sh SEE ALSO
+.Xr consttime_memequal 3 ,
+.Xr memset 3
+.Sh HISTORY
+The
+.Fn explicit_memset
+function appeared in
+.Nx 7.0 .
