Message-ID: <87ikt2psnw.fsf@keithp.com>
Date: Mon, 04 Nov 2024 13:58:59 -0800
From: Keith Packard <keithp@...thp.com>
To: John Scott <jscott@...teo.net>, libc-coord@...ts.openwall.com
Subject: Re: Anyone have a secure 'free' API?
From: John Scott <jscott@...teo.net>
Date: Mon, 04 Nov 2024 20:36:33 +0000
> Apologies if you already thought of this, but I believe the
> just-published C23 has memset_explicit() for applications that want to
> do something like this.
And here I am implementing a bunch of other C23 functions (uchar, in
particular) and didn't think to check and see if there was something in
the standard. Thanks much for the pointer.
> Since mem*() functions in <string.h> are in implementation-reserved
> namespace, I think this can be exposed to applications electing
> to use prior standards like POSIX Issue 8 (which uses C17).
Yup, picolibc already exposes some C23 functions using this
approach. I'll add memset_explicit and call it a day.
> For whatever it's worth C11 Annex K places similar requirements on
> memset_s(), but I don't see much reason for new code to use it going
> forward.
Picolibc provides Annex K, even though it's not the best spec and seems
likely to be changed in the future. However, reading through both C11
and C23 versions of that spec, I couldn't see where it was making the
same guarantee as memset_explicit. It does have this very odd phrase:
"Unlike memset, any call to the memset_s function shall be evaluated
strictly according to the rules of the abstract machine as described
in (5.1.2.3). That is, any call to the memset_s function shall assume
that the memory indicated by s and n may be accessible in the future
and thus must contain the values indicated by c."
It seems like this is trying very hard to distinguish memset_s from
memset, but section 5.1.2.3 doesn't talk about non-volatile memory
access semantics at all, so I'm not sure what the results of this
paragraph actually are.
However, I'm sticking a memory barrier into picolibc's memset_s
implementation because I can imagine developers might expect it to do
that.
--
-keith
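The thread discusses why a plain memset() of a buffer that is about to be freed or go out of scope can be dropped by the optimizer as a dead store, and why memset_explicit()/memset_s() implementations add a memory barrier to prevent that. The following is an added example, not picolibc's implementation and not code from anyone in this thread; it assumes a GCC/Clang compiler for the inline-asm barrier, and the function names (explicit_memset_demo, volatile_memset_demo, secure_free_demo and the self-check helpers) are invented for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical memset that the compiler cannot elide as a dead store,
 * in the spirit of C23 memset_explicit(). The empty asm statement with a
 * "memory" clobber and the pointer as an input tells the optimizer that
 * the contents of *s may be observed afterwards through a path it cannot
 * see, so the preceding stores must really be performed.
 * GCC/Clang extension (assumption). */
void *explicit_memset_demo(void *s, int c, size_t n)
{
    memset(s, c, n);
    __asm__ __volatile__("" : : "r"(s) : "memory");
    return s;
}

/* Portable alternative without inline asm: stores through a volatile
 * pointer are side effects the abstract machine requires to happen. */
void *volatile_memset_demo(void *s, int c, size_t n)
{
    volatile unsigned char *p = (volatile unsigned char *)s;
    while (n--)
        *p++ = (unsigned char)c;
    return s;
}

/* The "secure free" from the thread's subject: wipe the allocation before
 * returning it to the allocator. The caller must know the size; a real
 * allocator would use its own bookkeeping instead of a parameter. */
void secure_free_demo(void *p, size_t n)
{
    if (p == NULL)
        return;
    explicit_memset_demo(p, 0, n);
    free(p);
}

/* Self-check: fill a stack "secret" with a constructed pattern, wipe it
 * with the barrier variant, and report whether every byte now reads 0. */
int demo_explicit_wipe_ok(void)
{
    unsigned char secret[32];
    memset(secret, 0xAB, sizeof secret);           /* constructed secret */
    if (explicit_memset_demo(secret, 0, sizeof secret) != secret)
        return 0;
    for (size_t i = 0; i < sizeof secret; i++)
        if (secret[i] != 0)
            return 0;
    return 1;
}

/* Same check for the volatile variant, using a non-zero fill value. */
int demo_volatile_wipe_ok(void)
{
    unsigned char key[16];
    memset(key, 0x00, sizeof key);                 /* constructed key */
    if (volatile_memset_demo(key, 0x5A, sizeof key) != key)
        return 0;
    for (size_t i = 0; i < sizeof key; i++)
        if (key[i] != 0x5A)
            return 0;
    return 1;
}

/* Exercise secure_free_demo on a heap buffer; returns 1 if it ran through
 * (the wipe happens before free, so we verify the wipe function directly
 * rather than reading freed memory). */
int demo_secure_free_ok(void)
{
    size_t n = 64;
    unsigned char *buf = malloc(n);
    if (buf == NULL)
        return 0;
    memset(buf, 0xCD, n);                           /* constructed payload */
    explicit_memset_demo(buf, 0, n);
    for (size_t i = 0; i < n; i++)
        if (buf[i] != 0)
            return 0;
    secure_free_demo(buf, n);                       /* wipes again, then frees */
    return 1;
}

int main(void)
{
    return (demo_explicit_wipe_ok() && demo_volatile_wipe_ok()
            && demo_secure_free_ok()) ? 0 : 1;
}
```

A functional test like the one above cannot distinguish a barrier-protected memset from a plain one, since both produce zeroed memory when the buffer is still live; the difference only shows up in the generated code when the buffer is dead afterwards (compare the disassembly of a wrapper that calls memset() versus explicit_memset_demo() just before returning). Picolibc's actual memset_s and memset_explicit may be implemented differently.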