src: Use explicit_bzero() if available on the platform

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

ConfigureChecks.cmake

@@ -144,6 +144,7 @@ endif()
 check_function_exists(isblank HAVE_ISBLANK)
 check_function_exists(strncpy HAVE_STRNCPY)
 check_function_exists(strtoull HAVE_STRTOULL)
+check_function_exists(explicit_bzero HAVE_EXPLICIT_BZERO)
 
 if (HAVE_GLOB_H)
   check_function_exists(glob HAVE_GLOB)

config.h.cmake

@@ -160,6 +160,9 @@
 /* Define to 1 if you have the `glob' function. */
 #cmakedefine HAVE_GLOB 1
 
+/* Define to 1 if you have the `explicit_bzero' function. */
+#cmakedefine HAVE_EXPLICIT_BZERO 1
+
 /*************************** LIBRARIES ***************************/
 
 /* Define to 1 if you have the `crypto' library (-lcrypto). */

include/libssh/priv.h

@@ -280,33 +280,22 @@ int ssh_connector_remove_event(ssh_connector connector);
 /** Get the size of an array */
 #define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
 
+#ifndef HAVE_EXPLICIT_BZERO
 /*
  * See http://llvm.org/bugs/show_bug.cgi?id=15495
  */
 #if defined(HAVE_GCC_VOLATILE_MEMORY_PROTECTION)
-/** Overwrite a string with '\0' */
-# define BURN_STRING(x) do { \
-    if ((x) != NULL) \
-        memset((x), '\0', strlen((x))); __asm__ volatile("" : : "r"(&(x)) : "memory"); \
-  } while(0)
-
-/** Overwrite the buffer with '\0' */
-# define BURN_BUFFER(x, size) do { \
-    if ((x) != NULL) \
-        memset((x), '\0', (size)); __asm__ volatile("" : : "r"(&(x)) : "memory"); \
-  } while(0)
+#define explicit_bzero(s, n) do { \
+    if ((s) != NULL) { \
+        memset((s), '\0', (n)); __asm__ volatile("" : : "r"(&(s)) : "memory"); \
+    } \
+} while (0)
 #else /* HAVE_GCC_VOLATILE_MEMORY_PROTECTION */
-/** Overwrite a string with '\0' */
-# define BURN_STRING(x) do { \
-    if ((x) != NULL) memset((x), '\0', strlen((x))); \
-  } while(0)
-
-/** Overwrite the buffer with '\0' */
-# define BURN_BUFFER(x, size) do { \
-    if ((x) != NULL) \
-        memset((x), '\0', (size)); \
-  } while(0)
+#define explicit_bzero(s, n) do { \
+    memset((s), '\0', (n)); \
+} while (0)
 #endif /* HAVE_GCC_VOLATILE_MEMORY_PROTECTION */
+#endif /* !HAVE_EXPLICIT_BZERO */
 
 /**
  * This is a hack to fix warnings. The idea is to use this everywhere that we

src/auth.c

@@ -1249,7 +1249,7 @@ void ssh_kbdint_free(ssh_kbdint kbd) {
     n = kbd->nprompts;
     if (kbd->prompts) {
         for (i = 0; i < n; i++) {
-            BURN_STRING(kbd->prompts[i]);
+            explicit_bzero(kbd->prompts[i], strlen(kbd->prompts[i]));
             SAFE_FREE(kbd->prompts[i]);
         }
         SAFE_FREE(kbd->prompts);
@@ -1258,7 +1258,7 @@ void ssh_kbdint_free(ssh_kbdint kbd) {
     n = kbd->nanswers;
     if (kbd->answers) {
         for (i = 0; i < n; i++) {
-            BURN_STRING(kbd->answers[i]);
+            explicit_bzero(kbd->answers[i], strlen(kbd->answers[i]));
             SAFE_FREE(kbd->answers[i]);
         }
         SAFE_FREE(kbd->answers);
@@ -1281,7 +1281,7 @@ void ssh_kbdint_clean(ssh_kbdint kbd) {
     n = kbd->nprompts;
     if (kbd->prompts) {
         for (i = 0; i < n; i++) {
-            BURN_STRING(kbd->prompts[i]);
+            explicit_bzero(kbd->prompts[i], strlen(kbd->prompts[i]));
             SAFE_FREE(kbd->prompts[i]);
         }
         SAFE_FREE(kbd->prompts);
@@ -1291,7 +1291,7 @@ void ssh_kbdint_clean(ssh_kbdint kbd) {
 
     if (kbd->answers) {
         for (i = 0; i < n; i++) {
-            BURN_STRING(kbd->answers[i]);
+            explicit_bzero(kbd->answers[i], strlen(kbd->answers[i]));
             SAFE_FREE(kbd->answers[i]);
         }
         SAFE_FREE(kbd->answers);
@@ -1759,7 +1759,8 @@ int ssh_userauth_kbdint_setanswer(ssh_session session, unsigned int i,
   }
 
   if (session->kbdint->answers[i]) {
-    BURN_STRING(session->kbdint->answers[i]);
+    explicit_bzero(session->kbdint->answers[i],
+                   strlen(session->kbdint->answers[i]));
     SAFE_FREE(session->kbdint->answers[i]);
   }
 

src/buffer.c

@@ -107,10 +107,10 @@ void ssh_buffer_free(struct ssh_buffer_struct *buffer) {
 
   if (buffer->data) {
     /* burn the data */
-    BURN_BUFFER(buffer->data, buffer->allocated);
+    explicit_bzero(buffer->data, buffer->allocated);
     SAFE_FREE(buffer->data);
   }
-  BURN_BUFFER(buffer, sizeof(struct ssh_buffer_struct));
+  explicit_bzero(buffer, sizeof(struct ssh_buffer_struct));
   SAFE_FREE(buffer);
 }
 
@@ -146,7 +146,7 @@ static int realloc_buffer(struct ssh_buffer_struct *buffer, size_t needed) {
 		  return -1;
       }
 	  memcpy(new, buffer->data,buffer->used);
-	  BURN_BUFFER(buffer->data, buffer->used);
+	  explicit_bzero(buffer->data, buffer->used);
 	  SAFE_FREE(buffer->data);
   } else {
 	  new = realloc(buffer->data, needed);
@@ -177,7 +177,7 @@ static void buffer_shift(ssh_buffer buffer){
 
   if (buffer->secure){
 	  void *ptr = buffer->data + buffer->used;
-	  BURN_BUFFER(ptr, burn_pos);
+	  explicit_bzero(ptr, burn_pos);
   }
 
   buffer_verify(buffer);
@@ -193,7 +193,7 @@ static void buffer_shift(ssh_buffer buffer){
 int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
 {
   buffer_verify(buffer);
-  BURN_BUFFER(buffer->data, buffer->used);
+  explicit_bzero(buffer->data, buffer->used);
   buffer->used = 0;
   buffer->pos = 0;
   if(buffer->allocated > 127) {

src/external/bcrypt_pbkdf.c

@@ -98,8 +98,8 @@ bcrypt_hash(uint8_t *sha2pass, uint8_t *sha2salt, uint8_t *out)
 	}
 
 	/* zap */
-	BURN_BUFFER(ciphertext, sizeof(ciphertext));
-	BURN_BUFFER(cdata, sizeof(cdata));
+	explicit_bzero(ciphertext, sizeof(ciphertext));
+	explicit_bzero(cdata, sizeof(cdata));
 	ZERO_STRUCT(state);
 }
 
@@ -175,7 +175,7 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
 	}
 
 	/* zap */
-	BURN_BUFFER(out, sizeof(out));
+	explicit_bzero(out, sizeof(out));
 	free(countsalt);
 
 	return 0;

src/libcrypto.c

@@ -606,7 +606,7 @@ static void aes_ctr_encrypt(struct ssh_cipher_struct *cipher, void *in, void *ou
 }
 
 static void aes_ctr_cleanup(struct ssh_cipher_struct *cipher){
-    BURN_BUFFER(cipher->aes_key, sizeof(*cipher->aes_key));
+    explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key));
     SAFE_FREE(cipher->aes_key);
 }
 
@@ -695,7 +695,7 @@ static void des1_1_decrypt(struct ssh_cipher_struct *cipher, void *in, void *out
 }
 
 static void des_cleanup(struct ssh_cipher_struct *cipher){
-    BURN_BUFFER(cipher->des3_key, sizeof(*cipher->des3_key));
+    explicit_bzero(cipher->des3_key, sizeof(*cipher->des3_key));
     SAFE_FREE(cipher->des3_key);
 }
 

src/messages.c

@@ -554,7 +554,8 @@ void ssh_message_free(ssh_message msg){
     case SSH_REQUEST_AUTH:
       SAFE_FREE(msg->auth_request.username);
       if (msg->auth_request.password) {
-        BURN_STRING(msg->auth_request.password);
+        explicit_bzero(msg->auth_request.password,
+                       strlen(msg->auth_request.password));
         SAFE_FREE(msg->auth_request.password);
       }
       ssh_key_free(msg->auth_request.pubkey);
@@ -973,7 +974,8 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
       uint32_t n;
 
       for (n = 0; n < session->kbdint->nanswers; n++) {
-            BURN_STRING(session->kbdint->answers[n]);
+            explicit_bzero(session->kbdint->answers[n],
+                           strlen(session->kbdint->answers[n]));
             SAFE_FREE(session->kbdint->answers[n]);
       }
       SAFE_FREE(session->kbdint->answers);

src/packet_crypt.c

@@ -75,7 +75,7 @@ int ssh_packet_decrypt(ssh_session session, void *data,uint32_t len) {
   crypto->decrypt(crypto,data,out,len);
 
   memcpy(data,out,len);
-  BURN_BUFFER(out, len);
+  explicit_bzero(out, len);
   SAFE_FREE(out);
   return 0;
 }
@@ -127,7 +127,7 @@ unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len)
   crypto->encrypt(crypto, data, out, len);
 
   memcpy(data, out, len);
-  BURN_BUFFER(out, len);
+  explicit_bzero(out, len);
   SAFE_FREE(out);
 
   if (session->version == 2) {

src/pki.c

@@ -150,7 +150,7 @@ void ssh_key_clean (ssh_key key){
     }
 #endif
     if (key->ed25519_privkey != NULL){
-        BURN_BUFFER(key->ed25519_privkey, sizeof(ed25519_privkey));
+        explicit_bzero(key->ed25519_privkey, sizeof(ed25519_privkey));
         SAFE_FREE(key->ed25519_privkey);
     }
     SAFE_FREE(key->ed25519_pubkey);

src/pki_container_openssh.c

@@ -256,7 +256,7 @@ static int pki_private_key_decrypt(ssh_string blob,
     if (rc < 0){
         return SSH_ERROR;
     }
-    BURN_BUFFER(passphrase_buffer, sizeof(passphrase_buffer));
+    explicit_bzero(passphrase_buffer, sizeof(passphrase_buffer));
 
     cipher.set_decrypt_key(&cipher,
                            key_material,
@@ -547,7 +547,7 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer,
                    ssh_buffer_get(privkey_buffer),
                    ssh_buffer_get_len(privkey_buffer));
     ssh_cipher_clear(&cipher);
-    BURN_BUFFER(passphrase_buffer, sizeof(passphrase_buffer));
+    explicit_bzero(passphrase_buffer, sizeof(passphrase_buffer));
 
     return SSH_OK;
 }
@@ -691,7 +691,7 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
                          "\n",
                          OPENSSH_HEADER_END,
                          "\n");
-    BURN_BUFFER(b64, strlen((char *)b64));
+    explicit_bzero(b64, strlen((char *)b64));
     SAFE_FREE(b64);
 
     if (rc != SSH_OK){
@@ -713,7 +713,7 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
 error:
     if (privkey_buffer != NULL) {
         void *bufptr = ssh_buffer_get(privkey_buffer);
-        BURN_BUFFER(bufptr, ssh_buffer_get_len(privkey_buffer));
+        explicit_bzero(bufptr, ssh_buffer_get_len(privkey_buffer));
         ssh_buffer_free(privkey_buffer);
     }
     SAFE_FREE(pubkey_s);

src/pki_crypto.c

@@ -1434,7 +1434,7 @@ static ssh_signature pki_signature_from_rsa_blob(const ssh_key pubkey,
         blob_orig = (char *) ssh_string_data(sig_blob);
 
         /* front-pad the buffer with zeroes */
-        BURN_BUFFER(blob_padded_data, pad_len);
+        explicit_bzero(blob_padded_data, pad_len);
         /* fill the rest with the actual signature blob */
         memcpy(blob_padded_data + pad_len, blob_orig, len);
 

src/pki_ed25519.c

@@ -132,8 +132,8 @@ int pki_ed25519_verify(const ssh_key pubkey,
                                   hlen + ED25519_SIG_LEN,
                                   *pubkey->ed25519_pubkey);
 
-    BURN_BUFFER(buffer, hlen + ED25519_SIG_LEN);
-    BURN_BUFFER(buffer2, hlen);
+    explicit_bzero(buffer, hlen + ED25519_SIG_LEN);
+    explicit_bzero(buffer2, hlen);
     SAFE_FREE(buffer);
     SAFE_FREE(buffer2);
     if (rc == 0) {

src/pki_mbedcrypto.c

@@ -832,7 +832,7 @@ static ssh_signature pki_signature_from_rsa_blob(const ssh_key pubkey, const
         blob_padded_data = (char *) ssh_string_data(sig_blob_padded);
         blob_orig = (char *) ssh_string_data(sig_blob);
 
-        BURN_BUFFER(blob_padded_data, pad_len);
+        explicit_bzero(blob_padded_data, pad_len);
         memcpy(blob_padded_data + pad_len, blob_orig, len);
 
         sig->rsa_sig = sig_blob_padded;

src/session.c

@@ -307,7 +307,7 @@ void ssh_free(ssh_session session) {
   }
 
   /* burn connection, it could contain sensitive data */
-  BURN_BUFFER(session, sizeof(struct ssh_session_struct));
+  explicit_bzero(session, sizeof(struct ssh_session_struct));
   SAFE_FREE(session);
 }
 

src/string.c

@@ -246,7 +246,7 @@ void ssh_string_burn(struct ssh_string_struct *s) {
         return;
     }
 
-    BURN_BUFFER(s->data, ssh_string_len(s));
+    explicit_bzero(s->data, ssh_string_len(s));
 }
 
 /**

src/wrapper.c

@@ -214,7 +214,7 @@ void crypto_free(struct ssh_crypto_struct *crypto){
       SAFE_FREE(crypto->kex_methods[i]);
   }
 
-  BURN_BUFFER(crypto, sizeof(struct ssh_crypto_struct));
+  explicit_bzero(crypto, sizeof(struct ssh_crypto_struct));
 
   SAFE_FREE(crypto);
 }