2016-01-10 09:45:36 +03:00
|
|
|
#ifndef __STDC_WANT_LIB_EXT1__
|
2023-08-27 17:21:20 +03:00
|
|
|
#define __STDC_WANT_LIB_EXT1__ 1 /* for memset_s() */
|
2016-01-10 09:45:36 +03:00
|
|
|
#endif
|
|
|
|
|
2015-12-01 03:07:21 +03:00
|
|
|
#include "ruby/missing.h"
|
2015-12-01 01:53:21 +03:00
|
|
|
#include <string.h>
|
|
|
|
|
2015-12-01 06:52:20 +03:00
|
|
|
#ifdef _WIN32
|
|
|
|
#include <windows.h>
|
|
|
|
#endif
|
|
|
|
|
2015-12-02 03:55:50 +03:00
|
|
|
/* Similar to bzero(), but has a guarantee not to be eliminated from compiler
|
2015-12-02 00:52:02 +03:00
|
|
|
optimization. */
|
|
|
|
|
|
|
|
/* OS support note:
|
2015-12-02 03:55:50 +03:00
|
|
|
* BSDs have explicit_bzero().
|
2020-04-25 20:00:45 +03:00
|
|
|
* macOS has memset_s().
|
2015-12-02 03:55:50 +03:00
|
|
|
* Windows has SecureZeroMemory() since XP.
|
2020-04-25 20:00:45 +03:00
|
|
|
* Linux has explicit_bzero() since glibc 2.25, musl libc 1.1.20.
|
2015-12-02 00:52:02 +03:00
|
|
|
*/
|
2015-12-01 03:07:21 +03:00
|
|
|
|
2015-12-01 03:35:59 +03:00
|
|
|
/*
|
2015-12-02 03:55:50 +03:00
|
|
|
* Following URL explains why memset_s is added to the standard.
|
2015-12-01 03:35:59 +03:00
|
|
|
* http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1381.pdf
|
|
|
|
*/
|
|
|
|
|
2015-12-01 04:05:48 +03:00
|
|
|
#ifndef FUNC_UNOPTIMIZED
|
|
|
|
# define FUNC_UNOPTIMIZED(x) x
|
2015-12-01 03:35:59 +03:00
|
|
|
#endif
|
|
|
|
|
2015-12-02 03:03:51 +03:00
|
|
|
#undef explicit_bzero
|
2015-12-01 03:07:21 +03:00
|
|
|
#ifndef HAVE_EXPLICIT_BZERO
|
2019-08-17 08:17:30 +03:00
|
|
|
#ifdef HAVE_EXPLICIT_MEMSET
|
|
|
|
void
|
|
|
|
explicit_bzero(void *b, size_t len)
|
|
|
|
{
|
|
|
|
(void)explicit_memset(b, 0, len);
|
|
|
|
}
|
|
|
|
#elif defined HAVE_MEMSET_S
|
2015-12-02 00:52:02 +03:00
|
|
|
void
|
|
|
|
explicit_bzero(void *b, size_t len)
|
|
|
|
{
|
|
|
|
memset_s(b, len, 0, len);
|
|
|
|
}
|
|
|
|
#elif defined SecureZeroMemory
|
|
|
|
void
|
|
|
|
explicit_bzero(void *b, size_t len)
|
|
|
|
{
|
|
|
|
SecureZeroMemory(b, len);
|
|
|
|
}
|
|
|
|
|
|
|
|
#elif defined HAVE_FUNC_WEAK
|
|
|
|
|
2015-12-02 03:55:50 +03:00
|
|
|
/* A weak function never be optimized away. Even if nobody uses it. */
|
2015-12-02 00:52:02 +03:00
|
|
|
WEAK(void ruby_explicit_bzero_hook_unused(void *buf, size_t len));
|
|
|
|
void
|
|
|
|
ruby_explicit_bzero_hook_unused(void *buf, size_t len)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
explicit_bzero(void *b, size_t len)
|
|
|
|
{
|
2015-12-02 01:42:00 +03:00
|
|
|
memset(b, 0, len);
|
2015-12-02 00:52:02 +03:00
|
|
|
ruby_explicit_bzero_hook_unused(b, len);
|
|
|
|
}
|
|
|
|
|
|
|
|
#else /* Your OS have no capability. Sigh. */
|
2015-12-01 04:24:23 +03:00
|
|
|
|
2015-12-01 04:05:48 +03:00
|
|
|
FUNC_UNOPTIMIZED(void explicit_bzero(void *b, size_t len));
|
2015-12-01 04:24:23 +03:00
|
|
|
#undef explicit_bzero
|
2015-12-01 04:05:48 +03:00
|
|
|
|
2015-12-01 01:53:21 +03:00
|
|
|
void
|
2015-12-01 03:07:21 +03:00
|
|
|
explicit_bzero(void *b, size_t len)
|
2015-12-01 01:53:21 +03:00
|
|
|
{
|
2015-12-02 00:52:02 +03:00
|
|
|
/*
|
2015-12-02 05:36:58 +03:00
|
|
|
* volatile is not enough if the compiler has an LTO (link time
|
2015-12-02 03:55:50 +03:00
|
|
|
* optimization). At least, the standard provides no guarantee.
|
2015-12-02 05:36:58 +03:00
|
|
|
* However, gcc and major other compilers never optimize a volatile
|
2015-12-02 00:52:02 +03:00
|
|
|
* variable away. So, using volatile is practically ok.
|
|
|
|
*/
|
|
|
|
volatile char* p = (volatile char*)b;
|
|
|
|
|
|
|
|
while(len) {
|
|
|
|
*p = 0;
|
|
|
|
p++;
|
|
|
|
len--;
|
2015-12-01 03:07:21 +03:00
|
|
|
}
|
2015-12-01 01:53:21 +03:00
|
|
|
}
|
2015-12-02 00:52:02 +03:00
|
|
|
#endif
|
|
|
|
#endif /* HAVE_EXPLICIT_BZERO */
|