Feature #4869

need libc secure enhancements for libressl

Added by Garrett D'Amore almost 6 years ago. Updated over 2 years ago.

lib - userland libraries

The LibreSSL team are rewriting major portions of OpenSSL. This is a very, very good thing.

However, they have a need for platform libraries to implement some APIs. We should add these to our libc.

1. explicit_bzero -- like bzero, but immune to optimization (use volatile pointers)
2. memset_s -- same as above, but specified by C11 standard.
3. reallocarray -- like calloc, but without bzero. (Minimizes overflow risk.)

These should probably also be added to the DDI for completeness.

Related issues

Related to illumos gate - Feature #5830: want arc4random(3C) suite (Closed, 2015-04-11)

Related to illumos gate - Feature #5428: provide fts(), reallocarray(), and strtonum() (Closed, 2014-12-11)

Related to illumos gate - Feature #8548: want memset_s(3C) (Closed, 2017-07-28)

Related to illumos gate - Feature #5804: want explicit_bzero(3C) (Closed, 2015-04-08)




Updated by Stuart Henderson almost 6 years ago

Hi, OpenBSD dev here (mostly a porter but I dabble in various things); I was pointed at this ticket and just wanted to mention a few things..

Note that OpenBSD's calloc/reallocarray have specific checks against overflows. I don't know my way around the Illumos codebase but if the relevant calloc code is that in, this will need a little more work to give the guarantees that LibreSSL is expecting.

Another thing LibreSSL is depending on is the current OpenBSD arc4random functionality ( - note the automatic reseeding behaviour and use of sysctl rather than device node that's being done here (the latter avoids problems under FD exhaustion type situations and with chroot).


Updated by Garrett D'Amore almost 6 years ago

So it turns out that there are a bunch of additional interfaces required for C11 (a bunch of interfaces that come with _s and the rsize_t type, as well as a conditional extension, etc.)

I'm going to leave memset_s, and the other _s versions, out of this changeset, to be addressed at a later date as part of a different changeset.

We do need to get those C11 interfaces added to our libc, of course.


Updated by Garrett D'Amore almost 6 years ago

Btw, libc's calloc is a bit better than the one you found in mapmalloc: (libc's calloc is in libc/port/gen/calloc) -- I think this meets the needs of libressl.

void *
calloc(size_t num, size_t size)
{
        void *mp;
        size_t total;

        if (num == 0 || size == 0)
                total = 0;
        else {
                total = num * size;

                /* check for overflow */
                if (total / num != size) {
                        errno = ENOMEM;
                        return (0);
                }
        }
        return ((mp = malloc(total)) ? memset(mp, 0, total) : mp);
}
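
An added example, not part of the original thread and not illumos, OpenBSD or LibreSSL code: a sketch of two of the requested interfaces, with the overflow check done before the multiplication (no zeroing, unlike calloc) and the wipe done through a volatile pointer as the issue description suggests. The `ex_` names and the helper `ex_overflow_is_rejected` are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* ex_ names are hypothetical, chosen to avoid clashing with libc's own. */

/* Wipe n bytes through a volatile pointer so the stores are not elided. */
void
ex_explicit_bzero(void *buf, size_t n)
{
	volatile unsigned char *p = buf;

	while (n-- > 0)
		*p++ = 0;
}

/*
 * realloc() for num elements of size bytes each. Fails with ENOMEM rather
 * than returning a short buffer when num * size would wrap; the old block
 * is left untouched on failure and new memory is not zeroed.
 */
void *
ex_reallocarray(void *ptr, size_t num, size_t size)
{
	if (size != 0 && num > SIZE_MAX / size) {
		errno = ENOMEM;
		return (NULL);
	}
	return (realloc(ptr, num * size));
}

/* Constructed input: a count for which num * 16 wraps around to 16. */
int
ex_overflow_is_rejected(void)
{
	size_t num = SIZE_MAX / 16 + 2;
	void *p;
	int rejected;

	errno = 0;
	p = ex_reallocarray(NULL, num, 16);
	rejected = (p == NULL && errno == ENOMEM);
	free(p);
	return (rejected);
}
```

Without the check, the constructed count would turn into a 16-byte request that the caller then indexes as if it held the full array.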

Updated by Garrett D'Amore over 5 years ago

  • Assignee set to Garrett D'Amore

Updated by Andrew Stormont almost 5 years ago


Updated by Adam Števko over 3 years ago

I just tried to compile the latest libressl-portable 2.5.0 and I was able to compile it. Was this added in the meantime or did I miss something? Perhaps libressl-portable provides the missing interfaces.


Updated by Andrew Stormont over 3 years ago

AFAIK only explicit_bzero has been added so far.


Updated by Yuri Pankov over 2 years ago

#5428 added reallocarray().


Updated by Yuri Pankov over 2 years ago

  • Related to Feature #5428: provide fts(), reallocarray(), and strtonum() added

Updated by Yuri Pankov over 2 years ago


Updated by Andy Fiddaman over 1 year ago
