Add explicit/volatile memset/memzero functions #2156
Conversation
Adds the following functions to platforms that support them: * `explicit_bzero` (de facto standard): Glibc, MUSL, FreeBSD, DragonFly BSD, OpenBSD * `explicit_memset`: NetBSD * `memset_s` (C11 standard): FreeBSD, DragonFly BSD These functions are useful for zeroing secret memory.
|
Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @m-ou-se (or someone else) soon. If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. Due to the way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes. Please see the contribution instructions for more information. |
|
As for the failing FreeBSD tests: |
src/unix/bsd/freebsdlike/mod.rs
Outdated
| // Added in `DragonFly BSD` 5.4 | ||
| pub fn explicit_bzero(s: *mut ::c_void, len: ::size_t); | ||
| // ISO/IEC 9899:2011 ("ISO C11") K.3.7.4.1 | ||
| pub fn memset_s(s: *mut ::c_void, smax: ::rsize_t, c: ::c_int, n: ::rsize_t) -> ::errno_t; |
There was a problem hiding this comment.
macOs has also memset_s if that helps.
There was a problem hiding this comment.
Added memset_s to macOS and fixed the signature to use standard C types instead of the C11 annex K types that were used.
Use the standard C type equivalent to the C11 annex K types
src/unix/bsd/freebsdlike/mod.rs
Outdated
| pub fn iconv_close(cd: iconv_t) -> ::c_int; | ||
| } | ||
|
|
||
| extern "C" { |
There was a problem hiding this comment.
Why did you declare a new extern block instead of using the existing one?
There was a problem hiding this comment.
No particular reason I think. I started with glibc and there were already 3 different extern "C" blocks there (all without special link attributes), and I didn't know which one I should add this function to, so I added a extern "C" block there. And for the other platforms I copied my code from glibc.
There was a problem hiding this comment.
Should there be an empty line between the added function(s) and the existing functions? In musl for example the functions seem to be grouped using empty lines in logical groups, while e.g. in OpenBSD there are no empty lines in the extern "C" block at all.
There was a problem hiding this comment.
No particular reason I think. I started with glibc and there were already 3 different
extern "C"blocks there (all without speciallinkattributes), and I didn't know which one I should add this function to, so I added aextern "C"block there. And for the other platforms I copied my code from glibc.
I should've overlooked them, let's use one block here.
|
@JohnTitor hep, read fine for openbsd. thanks |
|
@bors r+ |
|
📌 Commit ea18049 has been approved by |
|
☀️ Test successful - checks-actions, checks-cirrus-freebsd-11, checks-cirrus-freebsd-12, checks-cirrus-freebsd-13 |
7 participants
Adds the following functions to platforms that support them:
explicit_bzero(de facto standard): Glibc, MUSL, FreeBSD, DragonFly BSD, OpenBSDexplicit_memset: NetBSDmemset_s(C11 standard): FreeBSD, DragonFly BSD, Apple OSXThese functions are useful for zeroing secret memory.
Closes #2009