add explicit_bzero to libc. implementation subject to change, but start

the ball rolling. ok deraadt.

3 files changed, 37 insertions, 4 deletions

diff --git a/lib/libc/string/Makefile.inc b/lib/libc/string/Makefile.inc
index 9d6d1b2368f..1cbb54b3b5c 100644
--- a/lib/libc/string/Makefile.inc
+++ b/lib/libc/string/Makefile.inc
@@ -1,9 +1,9 @@
-#	$OpenBSD: Makefile.inc,v 1.32 2013/12/19 20:52:37 millert Exp $
+#	$OpenBSD: Makefile.inc,v 1.33 2014/01/22 21:06:45 tedu Exp $
 
 # string sources
 .PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/string ${LIBCSRCDIR}/string
 
-SRCS+=	bm.c memccpy.c memmem.c memrchr.c stpcpy.c stpncpy.c \
+SRCS+=	bm.c explicit_bzero.c memccpy.c memmem.c memrchr.c stpcpy.c stpncpy.c \
 	strcasecmp.c strcasestr.c strcoll.c strdup.c \
 	strerror.c strerror_r.c strlcat.c strmode.c strndup.c strnlen.c \
 	strsignal.c strtok.c strxfrm.c \
@@ -155,6 +155,7 @@ MAN+=	bm.3 bcmp.3 bcopy.3 bstring.3 bzero.3 ffs.3 memccpy.3 memchr.3 \
 	wmemset.3
 
 MLINKS+=bm.3 bm_comp.3 bm.3 bm_exec.3 bm.3 bm_free.3
+MLINKS+=bzero.3 explicit_bzero.3
 MLINKS+=memchr.3 memrchr.3
 MLINKS+=stpcpy.3 stpncpy.3
 MLINKS+=strchr.3 index.3
diff --git a/lib/libc/string/bzero.3 b/lib/libc/string/bzero.3
index 1fd5da81b5c..8476eb863e4 100644
--- a/lib/libc/string/bzero.3
+++ b/lib/libc/string/bzero.3
@@ -27,9 +27,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"	$OpenBSD: bzero.3,v 1.9 2013/06/05 03:39:23 tedu Exp $
+.\"	$OpenBSD: bzero.3,v 1.10 2014/01/22 21:06:45 tedu Exp $
 .\"
-.Dd $Mdocdate: June 5 2013 $
+.Dd $Mdocdate: January 22 2014 $
 .Dt BZERO 3
 .Os
 .Sh NAME
@@ -39,6 +39,8 @@
 .In string.h
 .Ft void
 .Fn bzero "void *b" "size_t len"
+.Ft void
+.Fn explicit_bzero "void *b" "size_t len"
 .Sh DESCRIPTION
 The
 .Fn bzero
@@ -51,6 +53,12 @@ If
 is zero,
 .Fn bzero
 does nothing.
+.Pp
+The
+.Fn explicit_bzero
+variant behaves the same, but will not be removed by a compiler's dead store
+optimization pass, making it useful for clearing sensitive memory such as a
+password.
 .Sh SEE ALSO
 .Xr memset 3 ,
 .Xr swab 3
@@ -59,3 +67,7 @@ The
 .Fn bzero
 function first appeared in
 .Bx 4.2 .
+The
+.Fn explicit_bzero
+function first appeared in
+.Ox 5.5 .
diff --git a/lib/libc/string/explicit_bzero.c b/lib/libc/string/explicit_bzero.c
new file mode 100644
index 00000000000..fd2948ca44e
--- /dev/null
+++ b/lib/libc/string/explicit_bzero.c
@@ -0,0 +1,20 @@
+/*	$OpenBSD: explicit_bzero.c,v 1.1 2014/01/22 21:06:45 tedu Exp $ */
+/*
+ * Public domain.
+ * Written by Ted Unangst
+ */
+
+#if !defined(_KERNEL) && !defined(_STANDALONE)
+#include <string.h>
+#else
+#include <lib/libkern/libkern.h>
+#endif
+
+/*
+ * explicit_bzero - don't let the compiler optimize away bzero
+ */
+void
+explicit_bzero(void *p, size_t n)
+{
+	bzero(p, n);
+}