From: Roy Marples
Date: Mon, 23 Oct 2023 14:26:16 +0000 (+0100)
Subject: compat: test for memset_explicit, explicit_bzero and memset_s
X-Git-Tag: v10.0.5~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65190fa0175425e76fa231ef3137ab75bbed48fd;p=thirdparty%2Fdhcpcd.git
compat: test for memset_explicit, explicit_bzero and memset_s
These won't be optimised away by the compiler and our arc4random compat function should use them *if* available. If none are then a warning will be emitted to say it's potentially insecure. Hopefully only uclibc users will see this message. Fixes #252.
---
diff --git a/compat/arc4random.c b/compat/arc4random.c
index fdf60527..7ff3105d 100644
--- a/compat/arc4random.c
+++ b/compat/arc4random.c
@@ -195,7 +195,16 @@ _rs_stir(void)
 _rs_init(rnd, sizeof(rnd));
 else
 _rs_rekey(rnd, sizeof(rnd));
- memset(rnd, 0, sizeof(rnd)); /* discard source seed */
+#if defined(HAVE_EXPLICIT_BZERO)
+ explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */
+#elif defined(HAVE_MEMSET_EXPLICIT)
+ (void)memset_explicit(rnd, 0, sizeof(rnd));
+#elif defined(HAVE_MEMSET_S)
+ (void)memset_s(rnd, sizeof(rnd), 0, sizeof(rnd));
+#else
+#warning potentially insecure use of memset discarding the source seed
+ (void)memset(rnd, 0, sizeof(rnd)); /* discard source seed */
+#endif
 /* invalidate rs_buf */
 rs->rs_have = 0;
diff --git a/configure b/configure
index 3d130a04..ec8388c4 100755
--- a/configure
+++ b/configure
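Review bot: In the compat/arc4random.c hunk the `#else` branch still wipes `rnd` with a plain `memset`, which a compiler may remove as a dead store if `rnd` is not read again, so on a libc with none of the three functions the seed can stay in memory and the only signal is a build-time `#warning`. A fallback that is harder to elide would be safer than a warning, for example the common volatile-function-pointer idiom: `static void *(*const volatile memset_v)(void *, int, size_t) = memset;` followed by `(void)memset_v(rnd, 0, sizeof(rnd));`. `#warning` is also a compiler extension before C23 and becomes a build failure under `-Werror`, so it is worth deciding whether that is intended. `_rs_stir` starts and ends outside the hunk, so whether other buffers in it need the same treatment cannot be judged from here.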
@@ -896,6 +896,74 @@ if [ "$ARC4RANDOM_UNIFORM" = no ]; then
 echo "#include \"compat/arc4random_uniform.h\"" >>$CONFIG_H
 fi
+# Our arc4random compat needs memset_explicit, explicit_bzero or memset_s
+if [ -z "$MEMSET_EXPLICIT" ]; then
+ printf "Testing for memset_explicit ... "
+ cat <_memset_explicit.c
+#include
+int main(void) {
+ int a;
+ (void)memset_explicit(&a, 0, sizeof(a));
+ return 0;
+}
+EOF
+ if $XCC __memset_explicit.c -o _memset_explicit 2>&3; then
+ MEMSET_EXPLICIT=yes
+ else
+ MEMSET_EXPLICIT=no
+ fi
+ echo "$MEMSET_EXPLICIT"
+ rm -f _memset_explicit.c _memset_explicit
+fi
+if [ "$MEMSET_EXPLICIT" = yes ]; then
+ echo "#define HAVE_MEMSET_EXPLICIT" >>$CONFIG_H
+fi
+
+if [ -z "$EXPLICIT_BZERO" ]; then
+ printf "Testing for explicit_bzero ... "
+ cat <_explicit_bzero.c
+#define _BSD_SOURCE // musl, will be added for Linux in config.h
+#include
+int main(void) {
+ int a;
+ explicit_bzero(&a, sizeof(a));
+ return 0;
+}
+EOF
+ if $XCC _explicit_bzero.c -o _explicit_bzero 2>&3; then
+ EXPLICIT_BZERO=yes
+ else
+ EXPLICIT_BZERO=no
+ fi
+ echo "$EXPLICIT_BZERO"
+ rm -f _explicit_bzero.c _explicit_bzero
+fi
+if [ "$EXPLICIT_BZERO" = yes ]; then
+ echo "#define HAVE_EXPLICIT_BZERO" >>$CONFIG_H
+fi
+
+if [ -z "$MEMSET_S" ]; then
+ printf "Testing for memset_s ... "
+ cat <_memset_s.c
+#include
+int main(void) {
+ int a;
+ memset_s(&a, sizeof(a), 0, sizeof(a));
+ return 0;
+}
+EOF
+ if $XCC __memset_s.c -o _memset_s 2>&3; then
+ MEMSET_S=yes
+ else
+ MEMSET_S=no
+ fi
+ echo "$MEMSET_S"
+ rm -f _memset_s.c _memset_s
+fi
+if [ "$MEMSET_S" = yes ]; then
+ echo "#define HAVE_MEMSET_S" >>$CONFIG_H
+fi
+
 if [ -z "$OPEN_MEMSTREAM" ]; then
 printf "Testing for open_memstream ... "
 cat <_open_memstream.c
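Review bot: The memset_explicit and memset_s probes compile `__memset_explicit.c` and `__memset_s.c` (two leading underscores), while the heredoc targets and the `rm -f` lines use `_memset_explicit.c` and `_memset_s.c`, so as shown `$XCC` is given a file that does not exist and both probes report `no` on every platform. Only the explicit_bzero probe names its file consistently. A libc that offers only memset_explicit or memset_s therefore falls through to the plain-`memset` branch in compat/arc4random.c, where the seed wipe may be optimised away. The compile lines should read `if $XCC _memset_explicit.c -o _memset_explicit 2>&3; then` and `if $XCC _memset_s.c -o _memset_s 2>&3; then`. The memset_s probe may also need `#define __STDC_WANT_LIB_EXT1__ 1` before its include on libcs that gate Annex K declarations, which is worth confirming on the target platforms.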