# HG changeset patch # User Matt Johnston # Date 1458228093 -28800 # Node ID 3017bc7d62385f9e96d4ac4933c6864b768e17c1 # Parent a3bb1511581621d1dc712f61af6626963844e5f7 move m_burn and function attributes to dbhelpers use m_burn for libtomcrypt zeromem() too diff -r a3bb15115816 -r 3017bc7d6238 Makefile.in --- a/Makefile.in Thu Mar 17 06:40:31 2016 +0800 +++ b/Makefile.in Thu Mar 17 23:21:33 2016 +0800 @@ -24,7 +24,7 @@ LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM) endif -COMMONOBJS=dbutil.o buffer.o \ +COMMONOBJS=dbutil.o buffer.o dbhelpers.o \ dss.o bignum.o \ signkey.o rsa.o dbrandom.o \ queue.o \ diff -r a3bb15115816 -r 3017bc7d6238 bignum.h --- a/bignum.h Thu Mar 17 06:40:31 2016 +0800 +++ b/bignum.h Thu Mar 17 23:21:33 2016 +0800 @@ -25,8 +25,7 @@ #ifndef DROPBEAR_BIGNUM_H_ #define DROPBEAR_BIGNUM_H_ -#include "includes.h" -#include "dbutil.h" +#include "dbhelpers.h" void m_mp_init(mp_int *mp); void m_mp_init_multi(mp_int *mp, ...) ATTRIB_SENTINEL; diff -r a3bb15115816 -r 3017bc7d6238 dbhelpers.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/dbhelpers.c Thu Mar 17 23:21:33 2016 +0800 @@ -0,0 +1,25 @@ +#include "dbhelpers.h" +#include "includes.h" + +/* Erase data */ +void m_burn(void *data, unsigned int len) { + +#if defined(HAVE_MEMSET_S) + memset_s(data, len, 0x0, len); +#elif defined(HAVE_EXPLICIT_BZERO) + explicit_bzero(data, len); +#else +/* Based on the method in David Wheeler's + * "Secure Programming for Linux and Unix HOWTO". May not be safe + * against link-time optimisation. */ + volatile char *p = data; + + if (data == NULL) + return; + while (len--) { + *p++ = 0x0; + } +#endif +} + + diff -r a3bb15115816 -r 3017bc7d6238 dbhelpers.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/dbhelpers.h Thu Mar 17 23:21:33 2016 +0800 @@ -0,0 +1,21 @@ +#ifndef DROPBEAR_DBHELPERS_H_ +#define DROPBEAR_DBHELPERS_H_ + +/* This header defines some things that are also used by libtomcrypt/math. + We avoid including normal include.h since that can result in conflicting + definitinos - only include config.h */ +#include "config.h" + +#ifdef __GNUC__ +#define ATTRIB_PRINTF(fmt,args) __attribute__((format(printf, fmt, args))) +#define ATTRIB_NORETURN __attribute__((noreturn)) +#define ATTRIB_SENTINEL __attribute__((sentinel)) +#else +#define ATTRIB_PRINTF(fmt,args) +#define ATTRIB_NORETURN +#define ATTRIB_SENTINEL +#endif + +void m_burn(void* data, unsigned int len); + +#endif /* DROPBEAR_DBHELPERS_H_ */ diff -r a3bb15115816 -r 3017bc7d6238 dbutil.c --- a/dbutil.c Thu Mar 17 06:40:31 2016 +0800 +++ b/dbutil.c Thu Mar 17 23:21:33 2016 +0800 @@ -559,28 +559,6 @@ return ret; } -/* Clear the data, based on the method in David Wheeler's - * "Secure Programming for Linux and Unix HOWTO" */ -/* Beware of calling this from within dbutil.c - things might get - * optimised away */ -void m_burn(void *data, unsigned int len) { - -#if defined(HAVE_MEMSET_S) - memset_s(data, len, 0x0, len); -#elif defined(HAVE_EXPLICIT_BZERO) - explicit_bzero(data, len); -#else - volatile char *p = data; - - if (data == NULL) - return; - while (len--) { - *p++ = 0x0; - } -#endif -} - - void setnonblocking(int fd) { TRACE(("setnonblocking: %d", fd)) diff -r a3bb15115816 -r 3017bc7d6238 dbutil.h --- a/dbutil.h Thu Mar 17 06:40:31 2016 +0800 +++ b/dbutil.h Thu Mar 17 23:21:33 2016 +0800 @@ -29,21 +29,12 @@ #include "includes.h" #include "buffer.h" #include "queue.h" +#include "dbhelpers.h" #ifndef DISABLE_SYSLOG void startsyslog(const char *ident); #endif -#ifdef __GNUC__ -#define ATTRIB_PRINTF(fmt,args) __attribute__((format(printf, fmt, args))) -#define ATTRIB_NORETURN __attribute__((noreturn)) -#define ATTRIB_SENTINEL __attribute__((sentinel)) -#else -#define ATTRIB_PRINTF(fmt,args) -#define ATTRIB_NORETURN -#define ATTRIB_SENTINEL -#endif - extern void (*_dropbear_exit)(int exitcode, const char* format, va_list param) ATTRIB_NORETURN; extern void (*_dropbear_log)(int priority, const char* format, va_list param); @@ -79,7 +70,6 @@ void * m_strdup(const char * str); void * m_realloc(void* ptr, size_t size); #define m_free(X) do {free(X); (X) = NULL;} while (0) -void m_burn(void* data, unsigned int len); void setnonblocking(int fd); void disallow_core(void); int m_str_to_uint(const char* str, unsigned int *val); diff -r a3bb15115816 -r 3017bc7d6238 libtomcrypt/src/headers/tomcrypt_custom.h --- a/libtomcrypt/src/headers/tomcrypt_custom.h Thu Mar 17 06:40:31 2016 +0800 +++ b/libtomcrypt/src/headers/tomcrypt_custom.h Thu Mar 17 23:21:33 2016 +0800 @@ -1,7 +1,7 @@ #ifndef TOMCRYPT_CUSTOM_H_ #define TOMCRYPT_CUSTOM_H_ -/* this will sort out which stuff based on the user-config in options.h */ +/* compile options depend on Dropbear options.h */ #include "options.h" /* macros for various libc functions you can change for embedded targets */ diff -r a3bb15115816 -r 3017bc7d6238 libtomcrypt/src/misc/zeromem.c --- a/libtomcrypt/src/misc/zeromem.c Thu Mar 17 06:40:31 2016 +0800 +++ b/libtomcrypt/src/misc/zeromem.c Thu Mar 17 23:21:33 2016 +0800 @@ -9,6 +9,7 @@ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" +#include "dbhelpers.h" /** @file zeromem.c @@ -22,11 +23,7 @@ */ void zeromem(void *out, size_t outlen) { - unsigned char *mem = out; - LTC_ARGCHKVD(out != NULL); - while (outlen-- > 0) { - *mem++ = 0; - } + m_burn(out, outlen); } /* $Source: /cvs/libtom/libtomcrypt/src/misc/zeromem.c,v $ */ diff -r a3bb15115816 -r 3017bc7d6238 libtommath/bn_mp_clear.c --- a/libtommath/bn_mp_clear.c Thu Mar 17 06:40:31 2016 +0800 +++ b/libtommath/bn_mp_clear.c Thu Mar 17 23:21:33 2016 +0800 @@ -1,5 +1,5 @@ #include -#include "dbutil.h" +#include "dbhelpers.h" #ifdef BN_MP_CLEAR_C /* LibTomMath, multiple-precision integer library -- Tom St Denis *