diff options
| author | Loganaden Velvindron <logan@cyberstorm.mu> | 2022-05-07 21:23:09 +0400 |
|---|---|---|
| committer | Loganaden Velvindron <logan@cyberstorm.mu> | 2022-05-31 18:00:18 +0400 |
| commit | 04b4b595d3582972db55b45ece64e8ed8e758a87 (patch) | |
| tree | 62b2fed4992f6d81711a00ba76db5b629966f3ff /lib/explicit_bzero.c | |
| parent | 0ef5ec616b6de47ad7e8cd229dcf11f99dce65fd (diff) | |
lib/md5,lib/sha256: Use explicit_bzero to clean up sensitive data.
explicit_bzero() is available as an API to clean up sensitive data
and avoid compiler optimizations that remove calls to memset() or bzero().
Signed-off-by: Loganaden Velvindron <logan@cyberstorm.mu>
Diffstat (limited to 'lib/explicit_bzero.c')
| -rw-r--r-- | lib/explicit_bzero.c | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/lib/explicit_bzero.c b/lib/explicit_bzero.c new file mode 100644 index 0000000000..fa64ed85bf --- /dev/null +++ b/lib/explicit_bzero.c @@ -0,0 +1,39 @@ +/* + * Public domain. + * Written by Matthew Dempsky. + * Adapted for frr. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include <string.h> + +#ifndef HAVE_EXPLICIT_BZERO +#undef explicit_bzero + + +void explicit_bzero(void *buf, size_t len); +__attribute__((__weak__)) void +__explicit_bzero_hook(void *buf, size_t len); + +__attribute__((__weak__)) void +__explicit_bzero_hook(void *buf, size_t len) +{ +} + +#if defined(__clang__) +#pragma clang optimize off +#else +#pragma GCC optimize("00") +#endif + +void +explicit_bzero(void *buf, size_t len) +{ + memset(buf, 0, len); + __explicit_bzero_hook(buf, len); +} + +#endif |