compat: test for memset_explicit, explicit_bzero and memset_s

These won't be optimised away by the compiler and our arc4random
compat function should use them *if* available.
If none are then a warning will be emitted to say it's potentially insecure.

Hopefully only uclibc users will see this message.

Fixes #252.

diff --git a/compat/arc4random.c b/compat/arc4random.c
index fdf605274caac05c3bf0ee3b3e22ec08d74e9fb3..7ff3105d5fa2ef79683ecef168eda634455af999 100644 (file)
--- a/compat/arc4random.c
+++ b/compat/arc4random.c
@@ -195,7 +195,16 @@ _rs_stir(void)
                _rs_init(rnd, sizeof(rnd));
        else
                _rs_rekey(rnd, sizeof(rnd));
-       memset(rnd, 0, sizeof(rnd));    /* discard source seed */
+#if defined(HAVE_EXPLICIT_BZERO)
+       explicit_bzero(rnd, sizeof(rnd));       /* discard source seed */
+#elif defined(HAVE_MEMSET_EXPLICIT)
+       (void)memset_explicit(rnd, 0, sizeof(rnd));
+#elif defined(HAVE_MEMSET_S)
+       (void)memset_s(rnd, sizeof(rnd), 0, sizeof(rnd));
+#else
+#warning potentially insecure use of memset discarding the source seed
+       (void)memset(rnd, 0, sizeof(rnd));      /* discard source seed */
+#endif
 
        /* invalidate rs_buf */
        rs->rs_have = 0;

diff --git a/configure b/configure
index 3d130a04b6ee49511364a0f918bcb816c88aa257..ec8388c4ac1388887b75eb2f2b3444585c7e45b5 100755 (executable)
--- a/configure
+++ b/configure
@@ -896,6 +896,74 @@ if [ "$ARC4RANDOM_UNIFORM" = no ]; then
        echo "#include                  \"compat/arc4random_uniform.h\"" >>$CONFIG_H
 fi
 
+# Our arc4random compat needs memset_explicit, explicit_bzero or memset_s
+if [ -z "$MEMSET_EXPLICIT" ]; then
+       printf "Testing for memset_explicit ... "
+       cat <<EOF >_memset_explicit.c
+#include <string.h>
+int main(void) {
+       int a;
+       (void)memset_explicit(&a, 0, sizeof(a));
+       return 0;
+}
+EOF
+       if $XCC __memset_explicit.c -o _memset_explicit 2>&3; then
+               MEMSET_EXPLICIT=yes
+       else
+               MEMSET_EXPLICIT=no
+       fi
+       echo "$MEMSET_EXPLICIT"
+       rm -f _memset_explicit.c _memset_explicit
+fi
+if [ "$MEMSET_EXPLICIT" = yes ]; then
+       echo "#define   HAVE_MEMSET_EXPLICIT" >>$CONFIG_H
+fi
+
+if [ -z "$EXPLICIT_BZERO" ]; then
+       printf "Testing for explicit_bzero ... "
+       cat <<EOF >_explicit_bzero.c
+#define _BSD_SOURCE // musl, will be added for Linux in config.h
+#include <string.h>
+int main(void) {
+       int a;
+       explicit_bzero(&a, sizeof(a));
+       return 0;
+}
+EOF
+       if $XCC _explicit_bzero.c -o _explicit_bzero 2>&3; then
+               EXPLICIT_BZERO=yes
+       else
+               EXPLICIT_BZERO=no
+       fi
+       echo "$EXPLICIT_BZERO"
+       rm -f _explicit_bzero.c _explicit_bzero
+fi
+if [ "$EXPLICIT_BZERO" = yes ]; then
+       echo "#define   HAVE_EXPLICIT_BZERO" >>$CONFIG_H
+fi
+
+if [ -z "$MEMSET_S" ]; then
+       printf "Testing for memset_s ... "
+       cat <<EOF >_memset_s.c
+#include <string.h>
+int main(void) {
+       int a;
+       memset_s(&a, sizeof(a), 0, sizeof(a));
+       return 0;
+}
+EOF
+       if $XCC __memset_s.c -o _memset_s 2>&3; then
+               MEMSET_S=yes
+       else
+               MEMSET_S=no
+       fi
+       echo "$MEMSET_S"
+       rm -f _memset_s.c _memset_s
+fi
+if [ "$MEMSET_S" = yes ]; then
+       echo "#define   HAVE_MEMSET_S" >>$CONFIG_H
+fi
+
 if [ -z "$OPEN_MEMSTREAM" ]; then
        printf "Testing for open_memstream ... "
        cat <<EOF >_open_memstream.c