
Feature #4869

need libc secure enhancements for libressl

Added by Garrett D'Amore over 5 years ago. Updated over 2 years ago.

Status: New
Priority: Normal
Category: lib - userland libraries
Start date: 2014-05-18
Due date: (none)
% Done: 0%
Estimated time: (none)
Difficulty: Medium
Tags: (none)
Description

LibreSSL team are rewriting major portions of OpenSSL. This is a very very good thing.

However, they have a need for platform libraries to implement some APIs. We should add these to our libc.

1. explicit_bzero -- like bzero, but immune to optimization (use volatile pointers)
2. memset_s -- same as above, but specified by C11 standard.
3. reallocarray -- like calloc, but without bzero. (Minimizes overflow risk.)

These should probably also be added to the DDI for completeness.


Related issues

Related to illumos gate - Feature #5830: want arc4random(3C) suite (Closed, 2015-04-11)
Related to illumos gate - Feature #5428: provide fts(), reallocarray(), and strtonum() (Closed, 2014-12-11)
Related to illumos gate - Feature #8548: want memset_s(3C) (Closed, 2017-07-28)
Related to illumos gate - Feature #5804: want explicit_bzero(3C) (Closed, 2015-04-08)

History

#1

Updated by Stuart Henderson over 5 years ago

Hi, OpenBSD dev here (mostly a porter but I dabble in various things); I was pointed at this ticket and just wanted to mention a few things.

Note that OpenBSD's calloc/reallocarray have specific checks against overflows. I don't know my way around the Illumos codebase but if the relevant calloc code is that in https://github.com/illumos/illumos-gate/blob/master/usr/src/lib/libmapmalloc/common/calloc.c, this will need a little more work to give the guarantees that LibreSSL is expecting. http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/reallocarray.c?rev=1.1

Another thing LibreSSL is depending on is the current OpenBSD arc4random functionality (http://mdoc.su/o/arc4random) - note the automatic reseeding behaviour and the use of sysctl rather than a device node that's being done here (the latter avoids problems under FD exhaustion type situations and with chroot).

#2

Updated by Garrett D'Amore over 5 years ago

So it turns out that there are a bunch of additional interfaces required for C11 (a bunch of interfaces that come with _s and the rsize_t type, as well as a conditional extension, etc.)

I'm going to leave memset_s, and the other _s versions, out of this changeset, to be addressed at a later date as part of a different changeset.

We do need to get those C11 interfaces added to our libc, of course.

#3

Updated by Garrett D'Amore over 5 years ago

Btw, libc's calloc is a bit better than the one you found in mapmalloc: (libc's calloc is in libc/port/gen/calloc) -- I think this meets the needs of libressl.

#include <errno.h>
#include <stdlib.h>
#include <string.h>

void *
calloc(size_t num, size_t size)
{
        void *mp;
        size_t total;

        if (num == 0 || size == 0)
                total = 0;
        else {
                total = num * size;

                /*
                 * check for overflow: size_t multiplication wraps
                 * silently, so divide back and compare; num is
                 * known non-zero here, so the division is safe
                 */
                if (total / num != size) {
                        errno = ENOMEM;
                        return (0);
                }
        }
        /* zero-fill only when the allocation succeeded */
        return ((mp = malloc(total)) ? memset(mp, 0, total) : mp);
}
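The two pieces the description asks for, written out as an added example (this is not illumos, OpenBSD or LibreSSL code; the my_ prefixed names are hypothetical): a reallocarray() that reuses the division-based overflow check from the calloc() above, and an explicit_bzero() that stores through a volatile pointer so the optimizer cannot treat the wipe as a dead store.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not illumos or OpenBSD code; names are hypothetical.
 * Same division check as the calloc() above; num must be non-zero
 * before it is used as a divisor. */
static int
mul_overflows(size_t num, size_t size)
{
	return (num != 0 && size != 0 && (num * size) / num != size);
}

/* realloc(ptr, num * size) that fails with ENOMEM instead of wrapping */
void *
my_reallocarray(void *ptr, size_t num, size_t size)
{
	if (mul_overflows(num, size)) {
		errno = ENOMEM;
		return (NULL);
	}
	return (realloc(ptr, num * size));
}

/* bzero the optimizer may not drop as a dead store: each write goes
 * through a volatile pointer, so it is an observable side effect. */
void
my_explicit_bzero(void *buf, size_t len)
{
	volatile unsigned char *p = buf;
	while (len--)
		*p++ = 0;
}

/* Fill a buffer with a constructed "secret", wipe it, and return the
 * number of non-zero bytes left (0 means the wipe took effect). */
size_t
wipe_and_count(size_t len)
{
	unsigned char *buf = my_reallocarray(NULL, len, 1);
	size_t left = 0, i;
	if (buf == NULL)
		return ((size_t)-1);
	memset(buf, 0xAA, len);
	my_explicit_bzero(buf, len);
	for (i = 0; i < len; i++)
		left += (buf[i] != 0);
	free(buf);
	return (left);
}
```

The overflow check relies on unsigned wrap-around being well defined in C, which is why it can multiply first and verify afterwards.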

#4

Updated by Garrett D'Amore over 5 years ago

  • Assignee set to Garrett D'Amore

#5

Updated by Andrew Stormont over 4 years ago

#6

Updated by Adam Števko about 3 years ago

I just tried to compile the latest libressl-portable 2.5.0 and I was able to compile. Was this added in the meantime or did I miss something? Perhaps libressl-portable provides the missing interfaces.

#7

Updated by Andrew Stormont about 3 years ago

AFAIK only explicit_bzero has been added so far.

#8

Updated by Yuri Pankov over 2 years ago

#5428 added reallocarray().

#9

Updated by Yuri Pankov over 2 years ago

  • Related to Feature #5428: provide fts(), reallocarray(), and strtonum() added

#10

Updated by Yuri Pankov over 2 years ago

#11

Updated by Andy Fiddaman about 1 year ago
