Feature #4869
Status: open
need libc secure enhancements for libressl
Description
LibreSSL team are rewriting major portions of OpenSSL. This is a very very good thing.
However, they have a need for platform libraries to implement some APIs. We should add these to our libc.
1. explicit_bzero -- like bzero, but immune to optimization (use volatile pointers)
2. memset_s -- same as above, but specified by C11 standard.
3. reallocarray -- like calloc, but without bzero. (Minimizes overflow risk.)
These should probably also be added to the DDI for completeness.
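As an added illustration of the first two items (not code from this ticket or from illumos libc), here is a volatile-store explicit_bzero together with a memset_s that follows the C11 Annex K contract: it returns 0 on success and a nonzero errno value on a runtime-constraint violation, and on a violation it still overwrites smax bytes when s and smax are valid. The ex_ prefixed names, the rsize_t_ex typedef and RSIZE_MAX_EX are placeholders chosen for this example, not the real C11 identifiers.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins for C11's rsize_t and RSIZE_MAX (example placeholders). */
typedef size_t rsize_t_ex;
#define RSIZE_MAX_EX (SIZE_MAX >> 1)

/*
 * explicit_bzero: every store goes through a volatile pointer, so the
 * compiler must emit it even when the buffer is dead afterwards (the
 * dead-store elimination that defeats a plain memset(buf, 0, len)).
 */
void ex_explicit_bzero(void *buf, size_t len)
{
    volatile unsigned char *p = buf;

    while (len--)
        *p++ = 0;
}

/*
 * memset_s per C11 Annex K. Constraint violations: s NULL, smax or n
 * above RSIZE_MAX, or n > smax. On a violation with usable s/smax the
 * first smax bytes are still written, so the caller never keeps secrets
 * in a buffer it believed was cleared.
 */
int ex_memset_s(void *s, rsize_t_ex smax, int c, rsize_t_ex n)
{
    volatile unsigned char *p;
    int ret = 0;

    if (s == NULL)
        return EINVAL;
    if (smax > RSIZE_MAX_EX)
        return E2BIG;
    if (n > RSIZE_MAX_EX) {
        ret = E2BIG;
        n = smax;
    }
    if (n > smax) {
        ret = EOVERFLOW;
        n = smax;
    }
    p = s;
    while (n--)
        *p++ = (unsigned char)c;
    return ret;
}

/* Helper for checking results: number of zero bytes in buf[0..n). */
size_t ex_count_zero(const unsigned char *buf, size_t n)
{
    size_t zeros = 0;

    for (size_t i = 0; i < n; i++)
        if (buf[i] == 0)
            zeros++;
    return zeros;
}
```

The volatile pointer only guarantees the stores happen; it does not stop copies of the secret that the compiler spilled to registers or the stack elsewhere, which is why these routines are a narrow fix and not a full "secret erased" guarantee.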
Related issues
Updated by Stuart Henderson over 9 years ago
Hi, OpenBSD dev here (mostly a porter but I dabble in various things); I was pointed at this ticket and just wanted to mention a few things...
Note that OpenBSD's calloc/reallocarray have specific checks against overflows. I don't know my way around the Illumos codebase but if the relevant calloc code is that in https://github.com/illumos/illumos-gate/blob/master/usr/src/lib/libmapmalloc/common/calloc.c, this will need a little more work to give the guarantees that LibreSSL is expecting. http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/reallocarray.c?rev=1.1
Another thing LibreSSL is depending on is the current OpenBSD arc4random functionality (http://mdoc.su/o/arc4random) - note the automatic reseeding behaviour and use of sysctl rather than device node that's being done here (the latter avoids problems under FD exhaustion type situations and with chroot).
Updated by Garrett D'Amore over 9 years ago
So it turns out that there are a bunch of additional interfaces required for C11 (a bunch of interfaces that come with _s and the rsize_t type, as well as a conditional extension, etc.)
I'm going to leave memset_s, and the other _s versions, out of this changeset, to be addressed at a later date as part of a different changeset.
We do need to get those C11 interfaces added to our libc, of course.
Updated by Garrett D'Amore over 9 years ago
Btw, libc's calloc is a bit better than the one you found in mapmalloc: (libc's calloc is in libc/port/gen/calloc) -- I think this meets the needs of libressl.
    #include <errno.h>
    #include <stdlib.h>
    #include <string.h>

    void *
    calloc(size_t num, size_t size)
    {
        void *mp;
        size_t total;

        if (num == 0 || size == 0)
            total = 0;
        else {
            total = num * size;
            /* check for overflow */
            if (total / num != size) {
                errno = ENOMEM;
                return (0);
            }
        }
        return ((mp = malloc(total)) ? memset(mp, 0, total) : mp);
    }
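To show how the two overflow checks discussed here compare, below is an added example (not code from illumos or OpenBSD) with a reallocarray built on the MUL_NO_OVERFLOW fast path that OpenBSD's reallocarray.c uses, next to the division check from the calloc posted above, and a small driver that exercises both at the boundaries where a product wraps. The ex_ prefixed names are placeholders for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/*
 * If both factors are below 2^(bits/2) their product cannot exceed
 * SIZE_MAX, so the (slow) division is only performed for large operands.
 */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

/* Returns 1 and stores num*size in *out if the product fits in size_t. */
int ex_mul_ok(size_t num, size_t size, size_t *out)
{
    if ((num >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
        num > 0 && SIZE_MAX / num < size)
        return 0;
    *out = num * size;
    return 1;
}

/* reallocarray: realloc(ptr, num * size) with the multiply checked first. */
void *ex_reallocarray(void *ptr, size_t num, size_t size)
{
    size_t total;

    if (!ex_mul_ok(num, size, &total)) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(ptr, total);
}

/*
 * The check used by the calloc posted above: multiply, then verify by
 * dividing back. Correct for every pair, at the cost of a division on
 * every call.
 */
int ex_div_check_ok(size_t num, size_t size)
{
    size_t total;

    if (num == 0 || size == 0)
        return 1;
    total = num * size;
    return total / num == size;
}

/*
 * Grow an array of size_t to hold at least 'want' elements, doubling the
 * capacity. Returns 0 on success, -1 (errno set) if the byte count would
 * overflow or the allocation fails; the old buffer is left intact.
 */
int ex_grow(size_t **arr, size_t *cap, size_t want)
{
    size_t ncap = *cap ? *cap : 8;
    size_t *np;

    while (ncap < want) {
        if (ncap > SIZE_MAX / 2) {
            errno = ENOMEM;
            return -1;
        }
        ncap *= 2;
    }
    np = ex_reallocarray(*arr, ncap, sizeof(**arr));
    if (np == NULL)
        return -1;
    *arr = np;
    *cap = ncap;
    return 0;
}
```

Both checks reject the same inputs; the fast path matters because callers such as LibreSSL go through reallocarray on hot paths and the division would otherwise be paid on every small allocation.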
Updated by Andrew Stormont over 8 years ago
- Related to Feature #5830: want arc4random(3C) suite added
Updated by Adam Števko about 7 years ago
I just tried to compile the latest libressl-portable 2.5.0 and I was able to compile. Was this added in the meantime or did I miss something? Perhaps libressl-portable provides the missing interfaces.
Updated by Andrew Stormont about 7 years ago
AFAIK only explicit_bzero has been added so far.
Updated by Yuri Pankov over 6 years ago
- Related to Feature #5428: provide fts(), reallocarray(), and strtonum() added
Updated by Yuri Pankov over 6 years ago
- Related to Feature #8548: want memset_s(3C) added
Updated by Andy Fiddaman about 5 years ago
- Related to Feature #5804: want explicit_bzero(3C) added