add a new function, explicit_bzero, to be used for erasing "secret" stuff.

unlike normal bzero, we guarantee that the compiler will not optimize out
calls to this function for otherwise dead variables.
to be adjusted as needed when compilers and linkers get smarter.
ok deraadt miod

2 files changed, 22 insertions, 1 deletions

diff --git a/sys/lib/libkern/explicit_bzero.c b/sys/lib/libkern/explicit_bzero.c
new file mode 100644
index 00000000000..7550a2f0c8d
--- /dev/null
+++ b/sys/lib/libkern/explicit_bzero.c
@@ -0,0 +1,20 @@
+/*	$OpenBSD: explicit_bzero.c,v 1.1 2011/01/10 23:23:56 tedu Exp $ */
+/*
+ * Public domain.
+ * Written by Ted Unangst
+ */
+
+#if !defined(_KERNEL) && !defined(_STANDALONE)
+#include <string.h>
+#else
+#include <lib/libkern/libkern.h>
+#endif
+
+/*
+ * explicit_bzero - don't let the compiler optimize away bzero
+ */
+void
+explicit_bzero(void *p, size_t n)
+{
+	bzero(p, n);
+}
diff --git a/sys/lib/libkern/libkern.h b/sys/lib/libkern/libkern.h
index 6fd66719779..c9545cd33ea 100644
--- a/sys/lib/libkern/libkern.h
+++ b/sys/lib/libkern/libkern.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: libkern.h,v 1.27 2010/07/20 15:28:44 matthew Exp $	*/
+/*	$OpenBSD: libkern.h,v 1.28 2011/01/10 23:23:56 tedu Exp $	*/
 /*	$NetBSD: libkern.h,v 1.7 1996/03/14 18:52:08 christos Exp $	*/
 
 /*-
@@ -143,6 +143,7 @@ void	 __assert(const char *, const char *, int, const char *)
 	    __attribute__ ((__noreturn__));
 int	 bcmp(const void *, const void *, size_t);
 void	 bzero(void *, size_t);
+void	 explicit_bzero(void *, size_t);
 int	 ffs(int);
 void	*memchr(const void *, int, size_t);
 int	 memcmp(const void *, const void *, size_t);