Use explicit_bzero to clear GnuTLS keys

* admin/merge-gnulib (GNULIB_MODULES): Add explicit_bzero. * lib/explicit_bzero.c, m4/explicit_bzero.m4: New files. * lib/gnulib.mk.in, m4/gnulib-comp.m4: Regenerate. * src/gnutls.c (clear_storage): New function. (gnutls_symmetric_aead): Use it instead of memset.
author: Paul Eggert 2017-07-16 16:22:33 -0700
committer: Paul Eggert 2017-07-16 16:29:12 -0700
commit: 59f6972134f312863dc761bf66a954a8036d0d86 (patch)
tree: cd479a7fe59b72985f98e57c4b4d861c01cf5bc8 /lib
parent: 252444aaa3a7cb9fc70289a5a3920f8a9d848109 (diff)
download: emacs-59f6972134f312863dc761bf66a954a8036d0d86.tar.gz
emacs-59f6972134f312863dc761bf66a954a8036d0d86.zip
2 files changed, 60 insertions, 1 deletions
diff --git a/lib/explicit_bzero.c b/lib/explicit_bzero.c
new file mode 100644
index 00000000000..262c68f9cd6
--- /dev/null
+++ b/lib/explicit_bzero.c
@@ -0,0 +1,48 @@
+/* Erasure of sensitive data, generic implementation.
+   Copyright (C) 2016-2017 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+   You should have received a copy of the GNU General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+/* An assembler implementation of explicit_bzero can be created as an
+   assembler alias of an optimized bzero implementation.
+   Architecture-specific implementations also need to define
+   __explicit_bzero_chk.  */
+#if !_LIBC
+# include <config.h>
+#endif
+#include <string.h>
+/* glibc-internal users use __explicit_bzero_chk, and explicit_bzero
+   redirects to that.  */
+#undef explicit_bzero
+/* Set LEN bytes of S to 0.  The compiler will not delete a call to
+   this function, even if S is dead after the call.  */
+void
+explicit_bzero (void *s, size_t len)
+{
+#ifdef HAVE_EXPLICIT_MEMSET
+  explicit_memset (s, 0, len);
+#else
+  memset (s, '\0', len);
+# ifdef __GNUC__
+  /* Compiler barrier.  */
+  asm volatile ("" ::: "memory");
+# endif
+#endif
+}
diff --git a/lib/gnulib.mk.in b/lib/gnulib.mk.in
index ae5ae87a521..e20487b10b4 100644
--- a/lib/gnulib.mk.in
+++ b/lib/gnulib.mk.in
@@ -21,7 +21,7 @@
 # the same distribution terms as the rest of that program.
 #
 # Generated by gnulib-tool.
-# Reproduce by: gnulib-tool --import --lib=libgnu --source-base=lib --m4-base=m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --avoid=close --avoid=dup --avoid=fchdir --avoid=fstat --avoid=malloc-posix --avoid=msvc-inval --avoid=msvc-nothrow --avoid=open --avoid=openat-die --avoid=opendir --avoid=raise --avoid=save-cwd --avoid=select --avoid=setenv --avoid=sigprocmask --avoid=stat --avoid=stdarg --avoid=stdbool --avoid=threadlib --avoid=tzset --avoid=unsetenv --avoid=utime --avoid=utime-h --gnu-make --makefile-name=gnulib.mk.in --conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files alloca-opt binary-io byteswap c-ctype c-strcase careadlinkat close-stream count-leading-zeros count-one-bits count-trailing-zeros crypto/md5 crypto/sha1 crypto/sha256 crypto/sha512 diffseq dtoastr dtotimespec dup2 environ execinfo faccessat fcntl fcntl-h fdatasync fdopendir filemode filevercmp flexmember fstatat fsync getloadavg getopt-gnu gettime gettimeofday gitlog-to-changelog ignore-value intprops largefile lstat manywarnings memrchr minmax mkostemp mktime pipe2 pselect pthread_sigmask putenv qcopy-acl readlink readlinkat sig2str socklen stat-time std-gnu11 stdalign stddef stdio stpcpy strftime strtoimax symlink sys_stat sys_time time time_r time_rz timegm timer-time timespec-add timespec-sub unlocked-io update-copyright utimens vla warnings
+# Reproduce by: gnulib-tool --import --lib=libgnu --source-base=lib --m4-base=m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --avoid=close --avoid=dup --avoid=fchdir --avoid=fstat --avoid=malloc-posix --avoid=msvc-inval --avoid=msvc-nothrow --avoid=open --avoid=openat-die --avoid=opendir --avoid=raise --avoid=save-cwd --avoid=select --avoid=setenv --avoid=sigprocmask --avoid=stat --avoid=stdarg --avoid=stdbool --avoid=threadlib --avoid=tzset --avoid=unsetenv --avoid=utime --avoid=utime-h --gnu-make --makefile-name=gnulib.mk.in --conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files alloca-opt binary-io byteswap c-ctype c-strcase careadlinkat close-stream count-leading-zeros count-one-bits count-trailing-zeros crypto/md5 crypto/sha1 crypto/sha256 crypto/sha512 diffseq dtoastr dtotimespec dup2 environ execinfo explicit_bzero faccessat fcntl fcntl-h fdatasync fdopendir filemode filevercmp flexmember fstatat fsync getloadavg getopt-gnu gettime gettimeofday gitlog-to-changelog ignore-value intprops largefile lstat manywarnings memrchr minmax mkostemp mktime pipe2 pselect pthread_sigmask putenv qcopy-acl readlink readlinkat sig2str socklen stat-time std-gnu11 stdalign stddef stdio stpcpy strftime strtoimax symlink sys_stat sys_time time time_r time_rz timegm timer-time timespec-add timespec-sub unlocked-io update-copyright utimens vla warnings
 MOSTLYCLEANFILES += core *.stackdump
@@ -1358,6 +1358,17 @@ EXTRA_libgnu_a_SOURCES += execinfo.c
 endif
 ## end   gnulib module execinfo
+## begin gnulib module explicit_bzero
+ifeq (,$(OMIT_GNULIB_MODULE_explicit_bzero))
+EXTRA_DIST += explicit_bzero.c
+EXTRA_libgnu_a_SOURCES += explicit_bzero.c
+endif
+## end   gnulib module explicit_bzero
 ## begin gnulib module faccessat
 ifeq (,$(OMIT_GNULIB_MODULE_faccessat))
author	Paul Eggert	2017-07-16 16:22:33 -0700
committer	Paul Eggert	2017-07-16 16:29:12 -0700
commit	59f6972134f312863dc761bf66a954a8036d0d86 (patch)
tree	cd479a7fe59b72985f98e57c4b4d861c01cf5bc8 /lib
parent	252444aaa3a7cb9fc70289a5a3920f8a9d848109 (diff)
download	emacs-59f6972134f312863dc761bf66a954a8036d0d86.tar.gz emacs-59f6972134f312863dc761bf66a954a8036d0d86.zip

diff --git a/lib/explicit_bzero.c b/lib/explicit_bzero.c new file mode 100644 index 00000000000..262c68f9cd6 --- /dev/null +++ b/lib/explicit_bzero.c
@@ -0,0 +1,48 @@
		1	/* Erasure of sensitive data, generic implementation.
		2	Copyright (C) 2016-2017 Free Software Foundation, Inc.
		3	This file is part of the GNU C Library.
		4
		5	The GNU C Library is free software; you can redistribute it and/or
		6	modify it under the terms of the GNU General Public
		7	License as published by the Free Software Foundation; either
		8	version 3 of the License, or (at your option) any later version.
		9
		10	The GNU C Library is distributed in the hope that it will be useful,
		11	but WITHOUT ANY WARRANTY; without even the implied warranty of
		12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
		13	General Public License for more details.
		14
		15	You should have received a copy of the GNU General Public
		16	License along with the GNU C Library; if not, see
		17	<http://www.gnu.org/licenses/>. */
		18
		19	/* An assembler implementation of explicit_bzero can be created as an
		20	assembler alias of an optimized bzero implementation.
		21	Architecture-specific implementations also need to define
		22	__explicit_bzero_chk. */
		23
		24	#if !_LIBC
		25	# include <config.h>
		26	#endif
		27
		28	#include <string.h>
		29
		30	/* glibc-internal users use __explicit_bzero_chk, and explicit_bzero
		31	redirects to that. */
		32	#undef explicit_bzero
		33
		34	/* Set LEN bytes of S to 0. The compiler will not delete a call to
		35	this function, even if S is dead after the call. */
		36	void
		37	explicit_bzero (void *s, size_t len)
		38	{
		39	#ifdef HAVE_EXPLICIT_MEMSET
		40	explicit_memset (s, 0, len);
		41	#else
		42	memset (s, '\0', len);
		43	# ifdef __GNUC__
		44	/* Compiler barrier. */
		45	asm volatile ("" ::: "memory");
		46	# endif
		47	#endif
		48	}


diff --git a/lib/gnulib.mk.in b/lib/gnulib.mk.in index ae5ae87a521..e20487b10b4 100644 --- a/lib/gnulib.mk.in +++ b/lib/gnulib.mk.in
@@ -21,7 +21,7 @@
21	# the same distribution terms as the rest of that program.	21	# the same distribution terms as the rest of that program.
22	#	22	#
23	# Generated by gnulib-tool.	23	# Generated by gnulib-tool.
24	# Reproduce by: gnulib-tool --import --lib=libgnu --source-base=lib --m4-base=m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --avoid=close --avoid=dup --avoid=fchdir --avoid=fstat --avoid=malloc-posix --avoid=msvc-inval --avoid=msvc-nothrow --avoid=open --avoid=openat-die --avoid=opendir --avoid=raise --avoid=save-cwd --avoid=select --avoid=setenv --avoid=sigprocmask --avoid=stat --avoid=stdarg --avoid=stdbool --avoid=threadlib --avoid=tzset --avoid=unsetenv --avoid=utime --avoid=utime-h --gnu-make --makefile-name=gnulib.mk.in --conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files alloca-opt binary-io byteswap c-ctype c-strcase careadlinkat close-stream count-leading-zeros count-one-bits count-trailing-zeros crypto/md5 crypto/sha1 crypto/sha256 crypto/sha512 diffseq dtoastr dtotimespec dup2 environ execinfo faccessat fcntl fcntl-h fdatasync fdopendir filemode filevercmp flexmember fstatat fsync getloadavg getopt-gnu gettime gettimeofday gitlog-to-changelog ignore-value intprops largefile lstat manywarnings memrchr minmax mkostemp mktime pipe2 pselect pthread_sigmask putenv qcopy-acl readlink readlinkat sig2str socklen stat-time std-gnu11 stdalign stddef stdio stpcpy strftime strtoimax symlink sys_stat sys_time time time_r time_rz timegm timer-time timespec-add timespec-sub unlocked-io update-copyright utimens vla warnings	24	# Reproduce by: gnulib-tool --import --lib=libgnu --source-base=lib --m4-base=m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --avoid=close --avoid=dup --avoid=fchdir --avoid=fstat --avoid=malloc-posix --avoid=msvc-inval --avoid=msvc-nothrow --avoid=open --avoid=openat-die --avoid=opendir --avoid=raise --avoid=save-cwd --avoid=select --avoid=setenv --avoid=sigprocmask --avoid=stat --avoid=stdarg --avoid=stdbool --avoid=threadlib --avoid=tzset --avoid=unsetenv --avoid=utime --avoid=utime-h --gnu-make --makefile-name=gnulib.mk.in --conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files alloca-opt binary-io byteswap c-ctype c-strcase careadlinkat close-stream count-leading-zeros count-one-bits count-trailing-zeros crypto/md5 crypto/sha1 crypto/sha256 crypto/sha512 diffseq dtoastr dtotimespec dup2 environ execinfo explicit_bzero faccessat fcntl fcntl-h fdatasync fdopendir filemode filevercmp flexmember fstatat fsync getloadavg getopt-gnu gettime gettimeofday gitlog-to-changelog ignore-value intprops largefile lstat manywarnings memrchr minmax mkostemp mktime pipe2 pselect pthread_sigmask putenv qcopy-acl readlink readlinkat sig2str socklen stat-time std-gnu11 stdalign stddef stdio stpcpy strftime strtoimax symlink sys_stat sys_time time time_r time_rz timegm timer-time timespec-add timespec-sub unlocked-io update-copyright utimens vla warnings
25		25
26		26
27	MOSTLYCLEANFILES += core *.stackdump	27	MOSTLYCLEANFILES += core *.stackdump
@@ -1358,6 +1358,17 @@ EXTRA_libgnu_a_SOURCES += execinfo.c
1358	endif	1358	endif
1359	## end gnulib module execinfo	1359	## end gnulib module execinfo
1360		1360
		1361	## begin gnulib module explicit_bzero
		1362	ifeq (,$(OMIT_GNULIB_MODULE_explicit_bzero))
		1363
		1364
		1365	EXTRA_DIST += explicit_bzero.c
		1366
		1367	EXTRA_libgnu_a_SOURCES += explicit_bzero.c
		1368
		1369	endif
		1370	## end gnulib module explicit_bzero
		1371
1361	## begin gnulib module faccessat	1372	## begin gnulib module faccessat
1362	ifeq (,$(OMIT_GNULIB_MODULE_faccessat))	1373	ifeq (,$(OMIT_GNULIB_MODULE_faccessat))
1363		1374