diff options
| author | Paul Eggert | 2017-07-16 16:22:33 -0700 |
|---|---|---|
| committer | Paul Eggert | 2017-07-16 16:29:12 -0700 |
| commit | 59f6972134f312863dc761bf66a954a8036d0d86 (patch) | |
| tree | cd479a7fe59b72985f98e57c4b4d861c01cf5bc8 /lib/explicit_bzero.c | |
| parent | 252444aaa3a7cb9fc70289a5a3920f8a9d848109 (diff) | |
| download | emacs-59f6972134f312863dc761bf66a954a8036d0d86.tar.gz emacs-59f6972134f312863dc761bf66a954a8036d0d86.zip | |
Use explicit_bzero to clear GnuTLS keys
* admin/merge-gnulib (GNULIB_MODULES): Add explicit_bzero.
* lib/explicit_bzero.c, m4/explicit_bzero.m4: New files.
* lib/gnulib.mk.in, m4/gnulib-comp.m4: Regenerate.
* src/gnutls.c (clear_storage): New function.
(gnutls_symmetric_aead): Use it instead of memset.
Diffstat (limited to 'lib/explicit_bzero.c')
| -rw-r--r-- | lib/explicit_bzero.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/lib/explicit_bzero.c b/lib/explicit_bzero.c new file mode 100644 index 00000000000..262c68f9cd6 --- /dev/null +++ b/lib/explicit_bzero.c | |||
| @@ -0,0 +1,48 @@ | |||
| 1 | /* Erasure of sensitive data, generic implementation. | ||
| 2 | Copyright (C) 2016-2017 Free Software Foundation, Inc. | ||
| 3 | This file is part of the GNU C Library. | ||
| 4 | |||
| 5 | The GNU C Library is free software; you can redistribute it and/or | ||
| 6 | modify it under the terms of the GNU General Public | ||
| 7 | License as published by the Free Software Foundation; either | ||
| 8 | version 3 of the License, or (at your option) any later version. | ||
| 9 | |||
| 10 | The GNU C Library is distributed in the hope that it will be useful, | ||
| 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
| 13 | General Public License for more details. | ||
| 14 | |||
| 15 | You should have received a copy of the GNU General Public | ||
| 16 | License along with the GNU C Library; if not, see | ||
| 17 | <http://www.gnu.org/licenses/>. */ | ||
| 18 | |||
| 19 | /* An assembler implementation of explicit_bzero can be created as an | ||
| 20 | assembler alias of an optimized bzero implementation. | ||
| 21 | Architecture-specific implementations also need to define | ||
| 22 | __explicit_bzero_chk. */ | ||
| 23 | |||
| 24 | #if !_LIBC | ||
| 25 | # include <config.h> | ||
| 26 | #endif | ||
| 27 | |||
| 28 | #include <string.h> | ||
| 29 | |||
| 30 | /* glibc-internal users use __explicit_bzero_chk, and explicit_bzero | ||
| 31 | redirects to that. */ | ||
| 32 | #undef explicit_bzero | ||
| 33 | |||
| 34 | /* Set LEN bytes of S to 0. The compiler will not delete a call to | ||
| 35 | this function, even if S is dead after the call. */ | ||
| 36 | void | ||
| 37 | explicit_bzero (void *s, size_t len) | ||
| 38 | { | ||
| 39 | #ifdef HAVE_EXPLICIT_MEMSET | ||
| 40 | explicit_memset (s, 0, len); | ||
| 41 | #else | ||
| 42 | memset (s, '\0', len); | ||
| 43 | # ifdef __GNUC__ | ||
| 44 | /* Compiler barrier. */ | ||
| 45 | asm volatile ("" ::: "memory"); | ||
| 46 | # endif | ||
| 47 | #endif | ||
| 48 | } | ||