From: Paul Eggert
Date: Sun, 18 Dec 2022 07:11:55 +0000 (-0800)
Subject: Update from Gnulib by running admin/merge-gnulib
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=bda755bf92b5fa0dfe25da173b30e1002e95b774;p=emacs.git

Update from Gnulib by running admin/merge-gnulib
---

diff --git a/lib/explicit_bzero.c b/lib/explicit_bzero.c
index ad0bfd170ca..fc309f81d61 100644
--- a/lib/explicit_bzero.c
+++ b/lib/explicit_bzero.c
@@ -1,74 +1,27 @@ /* Erasure of sensitive data, generic implementation. Copyright (C) 2016-2022 Free Software Foundation, Inc. - This file is part of the GNU C Library. - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. + This file is free software: you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. - The GNU C Library is distributed in the hope that it will be useful, + This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Lesser General Public License for more details. - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, see - . */ + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see . */ -/* An assembler implementation of explicit_bzero can be created as an - assembler alias of an optimized bzero implementation. - Architecture-specific implementations also need to define - __explicit_bzero_chk. */ - -#if !_LIBC -# include -#endif - -/* memset_s need this define */ -#if HAVE_MEMSET_S -# define __STDC_WANT_LIB_EXT1__ 1 -#endif +#include #include -#if defined _WIN32 && !defined __CYGWIN__ -# define WIN32_LEAN_AND_MEAN -# include -#endif - -#if _LIBC -/* glibc-internal users use __explicit_bzero_chk, and explicit_bzero - redirects to that. */ -# undef explicit_bzero -#endif - /* Set LEN bytes of S to 0. 
The compiler will not delete a call to this function, even if S is dead after the call. */ void explicit_bzero (void *s, size_t len) { -#if defined _WIN32 && !defined __CYGWIN__ - (void) SecureZeroMemory (s, len); -#elif HAVE_EXPLICIT_MEMSET - explicit_memset (s, '\0', len); -#elif HAVE_MEMSET_S - (void) memset_s (s, len, '\0', len); -#elif defined __GNUC__ && !defined __clang__ - memset (s, '\0', len); - /* Compiler barrier. */ - asm volatile ("" ::: "memory"); -#elif defined __clang__ - memset (s, '\0', len); - /* Compiler barrier. */ - /* With asm ("" ::: "memory") LLVM analyzes uses of 's' and finds that the - whole thing is dead and eliminates it. Use 'g' to work around this - problem. See . */ - __asm__ volatile ("" : : "g"(s) : "memory"); -#else - /* Invoke memset through a volatile function pointer. This defeats compiler - optimizations. */ - void * (* const volatile volatile_memset) (void *, int, size_t) = memset; - (void) volatile_memset (s, '\0', len); -#endif + memset_explicit (s, 0, len); } diff --git a/lib/gnulib.mk.in b/lib/gnulib.mk.in index 9af8fd0c579..a3ab50f396f 100644 --- a/lib/gnulib.mk.in +++ b/lib/gnulib.mk.in @@ -286,6 +286,7 @@ GL_COND_OBJ_LCHMOD_CONDITION = @GL_COND_OBJ_LCHMOD_CONDITION@ GL_COND_OBJ_LSTAT_CONDITION = @GL_COND_OBJ_LSTAT_CONDITION@ GL_COND_OBJ_MEMPCPY_CONDITION = @GL_COND_OBJ_MEMPCPY_CONDITION@ GL_COND_OBJ_MEMRCHR_CONDITION = @GL_COND_OBJ_MEMRCHR_CONDITION@ +GL_COND_OBJ_MEMSET_EXPLICIT_CONDITION = @GL_COND_OBJ_MEMSET_EXPLICIT_CONDITION@ GL_COND_OBJ_MINI_GMP_GNULIB_CONDITION = @GL_COND_OBJ_MINI_GMP_GNULIB_CONDITION@ GL_COND_OBJ_MKOSTEMP_CONDITION = @GL_COND_OBJ_MKOSTEMP_CONDITION@ GL_COND_OBJ_NANOSLEEP_CONDITION = @GL_COND_OBJ_NANOSLEEP_CONDITION@ 
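Review bot: In lib/explicit_bzero.c the new one-line body `memset_explicit (s, 0, len);` hands the whole erasure guarantee to another file, yet the retained comment still promises the call will not be deleted without saying where that promise is now kept. The removed `_WIN32` branch that called SecureZeroMemory has no counterpart in the lib/memset_explicit.c added by this commit. A native Windows build with a compiler that is neither GCC nor clang would therefore presumably land on the volatile-function-pointer fallback, unless configure finds explicit_memset or memset_s. I would add a comment above the call such as `/* Erasure is delegated to memset_explicit; the per-platform strategy lives in memset_explicit.c.  */` and confirm that the change for Windows is intended.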
@@ -485,6 +486,7 @@ GL_GNULIB_MEMCHR = @GL_GNULIB_MEMCHR@ GL_GNULIB_MEMMEM = @GL_GNULIB_MEMMEM@ GL_GNULIB_MEMPCPY = @GL_GNULIB_MEMPCPY@ GL_GNULIB_MEMRCHR = @GL_GNULIB_MEMRCHR@ +GL_GNULIB_MEMSET_EXPLICIT = @GL_GNULIB_MEMSET_EXPLICIT@ GL_GNULIB_MKDIR = @GL_GNULIB_MKDIR@ GL_GNULIB_MKDIRAT = @GL_GNULIB_MKDIRAT@ GL_GNULIB_MKDTEMP = @GL_GNULIB_MKDTEMP@ @@ -749,6 +751,7 @@ HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ HAVE_MBSLEN = @HAVE_MBSLEN@ HAVE_MBTOWC = @HAVE_MBTOWC@ HAVE_MEMPCPY = @HAVE_MEMPCPY@ +HAVE_MEMSET_EXPLICIT = @HAVE_MEMSET_EXPLICIT@ HAVE_MKDIRAT = @HAVE_MKDIRAT@ HAVE_MKDTEMP = @HAVE_MKDTEMP@ HAVE_MKFIFO = @HAVE_MKFIFO@ @@ -2536,6 +2539,16 @@ endif endif ## end gnulib module memrchr +## begin gnulib module memset_explicit +ifeq (,$(OMIT_GNULIB_MODULE_memset_explicit)) + +ifneq (,$(GL_COND_OBJ_MEMSET_EXPLICIT_CONDITION)) +libgnu_a_SOURCES += memset_explicit.c +endif + +endif +## end gnulib module memset_explicit + ## begin gnulib module minmax ifeq (,$(OMIT_GNULIB_MODULE_minmax)) @@ -3362,6 +3375,7 @@ string.h: string.in.h $(top_builddir)/config.status $(CXXDEFS_H) $(ARG_NONNULL_H -e 's/@''GNULIB_MEMMEM''@/$(GL_GNULIB_MEMMEM)/g' \ -e 's/@''GNULIB_MEMPCPY''@/$(GL_GNULIB_MEMPCPY)/g' \ -e 's/@''GNULIB_MEMRCHR''@/$(GL_GNULIB_MEMRCHR)/g' \ + -e 's/@''GNULIB_MEMSET_EXPLICIT''@/$(GL_GNULIB_MEMSET_EXPLICIT)/g' \ -e 's/@''GNULIB_RAWMEMCHR''@/$(GL_GNULIB_RAWMEMCHR)/g' \ -e 's/@''GNULIB_STPCPY''@/$(GL_GNULIB_STPCPY)/g' \ -e 's/@''GNULIB_STPNCPY''@/$(GL_GNULIB_STPNCPY)/g' \ @@ -3393,6 +3407,7 @@ string.h: string.in.h $(top_builddir)/config.status $(CXXDEFS_H) $(ARG_NONNULL_H -e 's|@''HAVE_DECL_MEMMEM''@|$(HAVE_DECL_MEMMEM)|g' \ -e 's|@''HAVE_MEMPCPY''@|$(HAVE_MEMPCPY)|g' \ -e 's|@''HAVE_DECL_MEMRCHR''@|$(HAVE_DECL_MEMRCHR)|g' \ + -e 's|@''HAVE_MEMSET_EXPLICIT''@|$(HAVE_MEMSET_EXPLICIT)|g' \ -e 's|@''HAVE_RAWMEMCHR''@|$(HAVE_RAWMEMCHR)|g' \ -e 's|@''HAVE_STPCPY''@|$(HAVE_STPCPY)|g' \ -e 's|@''HAVE_STPNCPY''@|$(HAVE_STPNCPY)|g' \ 
diff --git a/lib/memset_explicit.c b/lib/memset_explicit.c
new file mode 100644
index 00000000000..eabeb3ec2b8
--- /dev/null
+++ b/lib/memset_explicit.c
@@ -0,0 +1,55 @@
+/* Erase sensitive data from memory.
+ Copyright 2022 Free Software Foundation, Inc.
+
+ This file is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of the
+ License, or (at your option) any later version.
+
+ This file is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see . */
+
+#include
+
+/* memset_s need this define */
+#if HAVE_MEMSET_S
+# define __STDC_WANT_LIB_EXT1__ 1
+#endif
+
+#include
+
+/* Set S's bytes to C, where S has LEN bytes. The compiler will not
+ optimize effects away, even if S is dead after the call. */
+void *
+memset_explicit (void *s, int c, size_t len)
+{
+#if HAVE_EXPLICIT_MEMSET
+ return explicit_memset (s, c, len);
+#elif HAVE_MEMSET_S
+ (void) memset_s (s, len, c, len);
+ return s;
+#elif defined __GNUC__ && !defined __clang__
+ memset (s, c, len);
+ /* Compiler barrier. */
+ __asm__ volatile ("" ::: "memory");
+ return s;
+#elif defined __clang__
+ memset (s, c, len);
+ /* Compiler barrier. */
+ /* With asm ("" ::: "memory") LLVM analyzes uses of 's' and finds that the
+ whole thing is dead and eliminates it. Use 'g' to work around this
+ problem. See . */
+ __asm__ volatile ("" : : "g"(s) : "memory");
+ return s;
+#else
+ /* Invoke memset through a volatile function pointer. This defeats compiler
+ optimizations. */
+ void * (* const volatile volatile_memset) (void *, int, size_t) = memset;
+ return volatile_memset (s, c, len);
+#endif
+}
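Review bot: In the HAVE_MEMSET_S branch of memset_explicit, `(void) memset_s (s, len, c, len);` throws away the only signal that the erase did not happen. Under C11 Annex K a runtime-constraint violation, such as LEN greater than RSIZE_MAX, makes memset_s return nonzero, and with an oversized smax nothing is required to be stored. The function then returns S as if the buffer had been cleared. I would check the result and fall back to the volatile-pointer memset that the `#else` branch already uses, along the lines of `if (memset_s (s, len, c, len) != 0) volatile_memset (s, c, len);`. If failure is considered impossible here, say so in a comment next to the cast. The whole function is inside this hunk.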
diff --git a/lib/string.in.h b/lib/string.in.h index e56f6db0c9c..21356914e21 100644 --- a/lib/string.in.h +++ b/lib/string.in.h @@ -347,6 +347,23 @@ _GL_WARN_ON_USE (memrchr, "memrchr is unportable - " # endif #endif +/* Overwrite a block of memory. The compiler will not optimize + effects away, even if the block is dead after the call. */ +#if @GNULIB_MEMSET_EXPLICIT@ +# if ! @HAVE_MEMSET_EXPLICIT@ +_GL_FUNCDECL_SYS (memset_explicit, void *, + (void *__dest, int __c, size_t __n) _GL_ARG_NONNULL ((1))); +# endif +_GL_CXXALIAS_SYS (memset_explicit, void *, (void *__dest, int __c, size_t __n)); +_GL_CXXALIASWARN (memset_explicit); +#elif defined GNULIB_POSIXCHECK +# undef memset_explicit +# if HAVE_RAW_DECL_MEMSET_EXPLICIT +_GL_WARN_ON_USE (memset_explicit, "memset_explicit is unportable - " + "use gnulib module memset_explicit for portability"); +# endif +#endif + /* Find the first occurrence of C in S. More efficient than memchr(S,C,N), at the expense of undefined behavior if C does not occur within N bytes. */ diff --git a/lib/verify.h b/lib/verify.h index 99af802993e..5225a8e616d 100644 --- a/lib/verify.h +++ b/lib/verify.h @@ -37,7 +37,7 @@ && (4 < __GNUC__ + (6 <= __GNUC_MINOR__) || 5 <= __clang_major__))) # define _GL_HAVE__STATIC_ASSERT 1 # endif -# if (202000 <= __STDC_VERSION__ \ +# if (202311 <= __STDC_VERSION__ \ || (!defined __STRICT_ANSI__ && 9 <= __GNUC__)) # define _GL_HAVE__STATIC_ASSERT1 1 # endif diff --git a/m4/explicit_bzero.m4 b/m4/explicit_bzero.m4 index 3b4ef8c3cc5..6c0d4c23368 100644 --- a/m4/explicit_bzero.m4 +++ b/m4/explicit_bzero.m4 @@ -15,9 +15,3 @@ AC_DEFUN([gl_FUNC_EXPLICIT_BZERO], HAVE_EXPLICIT_BZERO=0 fi ]) - -AC_DEFUN([gl_PREREQ_EXPLICIT_BZERO], -[ - AC_CHECK_FUNCS([explicit_memset]) - AC_CHECK_FUNCS_ONCE([memset_s]) -]) diff --git a/m4/gnulib-comp.m4 b/m4/gnulib-comp.m4 index 1a8bf8b7cdf..97d0a7d21f8 100644 --- a/m4/gnulib-comp.m4 +++ b/m4/gnulib-comp.m4 
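Review bot: The comment added above the memset_explicit declaration in lib/string.in.h says only "Overwrite a block of memory", which leaves out the fill byte, the return value and the limit of the guarantee. Code that clears keys or passwords reads this header rather than the .c file, so I would spell it out, for example `/* Set the N bytes at DEST to C and return DEST.  The stores are not optimized away, but copies held in registers, spilled temporaries or swap are not erased.  */`. The "return DEST" part is inferred from lib/memset_explicit.c in the same commit, where the branches visible there return S; confirm it for explicit_memset.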
@@ -137,6 +137,7 @@ AC_DEFUN([gl_EARLY], # Code from module memmem-simple: # Code from module mempcpy: # Code from module memrchr: + # Code from module memset_explicit: # Code from module minmax: # Code from module mkostemp: # Code from module mktime: @@ -287,9 +288,6 @@ AC_DEFUN([gl_INIT], gl_CONDITIONAL([GL_COND_OBJ_EXECINFO], [$GL_GENERATE_EXECINFO_H]) gl_FUNC_EXPLICIT_BZERO gl_CONDITIONAL([GL_COND_OBJ_EXPLICIT_BZERO], [test $HAVE_EXPLICIT_BZERO = 0]) - AM_COND_IF([GL_COND_OBJ_EXPLICIT_BZERO], [ - gl_PREREQ_EXPLICIT_BZERO - ]) gl_STRING_MODULE_INDICATOR([explicit_bzero]) AC_REQUIRE([gl_EXTERN_INLINE]) gl_FUNC_FACCESSAT @@ -422,6 +420,12 @@ AC_DEFUN([gl_INIT], gl_PREREQ_MEMRCHR ]) gl_STRING_MODULE_INDICATOR([memrchr]) + gl_FUNC_MEMSET_EXPLICIT + gl_CONDITIONAL([GL_COND_OBJ_MEMSET_EXPLICIT], [test $HAVE_MEMSET_EXPLICIT = 0]) + AM_COND_IF([GL_COND_OBJ_MEMSET_EXPLICIT], [ + gl_PREREQ_MEMSET_EXPLICIT + ]) + gl_STRING_MODULE_INDICATOR([memset_explicit]) gl_MINMAX gl_FUNC_MKOSTEMP gl_CONDITIONAL([GL_COND_OBJ_MKOSTEMP], [test $HAVE_MKOSTEMP = 0]) @@ -1318,6 +1322,7 @@ AC_DEFUN([gl_FILE_LIST], [ lib/memmem.c lib/mempcpy.c lib/memrchr.c + lib/memset_explicit.c lib/mini-gmp-gnulib.c lib/mini-gmp.c lib/mini-gmp.h @@ -1476,6 +1481,7 @@ AC_DEFUN([gl_FILE_LIST], [ m4/memmem.m4 m4/mempcpy.m4 m4/memrchr.m4 + m4/memset_explicit.m4 m4/minmax.m4 m4/mkostemp.m4 m4/mktime.m4 diff --git a/m4/memset_explicit.m4 b/m4/memset_explicit.m4 new file mode 100644 index 00000000000..3d4dcb30955 --- /dev/null +++ b/m4/memset_explicit.m4 
@@ -0,0 +1,20 @@ +dnl Copyright 2022 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +AC_DEFUN([gl_FUNC_MEMSET_EXPLICIT], +[ + AC_REQUIRE([gl_STRING_H_DEFAULTS]) + + AC_CHECK_FUNCS_ONCE([memset_explicit]) + if test $ac_cv_func_memset_explicit = no; then + HAVE_MEMSET_EXPLICIT=0 + fi +]) + +AC_DEFUN([gl_PREREQ_MEMSET_EXPLICIT], +[ + AC_CHECK_FUNCS([explicit_memset]) + AC_CHECK_FUNCS_ONCE([memset_s]) +]) diff --git a/m4/string_h.m4 b/m4/string_h.m4 index 9e09b96e165..6069d4a7523 100644 --- a/m4/string_h.m4 +++ b/m4/string_h.m4 @@ -5,7 +5,7 @@ # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 34 +# serial 35 # Written by Paul Eggert. @@ -21,7 +21,8 @@ AC_DEFUN_ONCE([gl_STRING_H], dnl guaranteed by C89. gl_WARN_ON_USE_PREPARE([[#include ]], - [ffsl ffsll memmem mempcpy memrchr rawmemchr stpcpy stpncpy strchrnul + [explicit_bzero ffsl ffsll memmem mempcpy memrchr memset_explicit + rawmemchr stpcpy stpncpy strchrnul strdup strncat strndup strnlen strpbrk strsep strcasestr strtok_r strerror_r strerrorname_np sigabbrev_np sigdescr_np strsignal strverscmp]) @@ -54,6 +55,7 @@ AC_DEFUN([gl_STRING_H_REQUIRE_DEFAULTS], gl_MODULE_INDICATOR_INIT_VARIABLE([GNULIB_MEMMEM]) gl_MODULE_INDICATOR_INIT_VARIABLE([GNULIB_MEMPCPY]) gl_MODULE_INDICATOR_INIT_VARIABLE([GNULIB_MEMRCHR]) + gl_MODULE_INDICATOR_INIT_VARIABLE([GNULIB_MEMSET_EXPLICIT]) gl_MODULE_INDICATOR_INIT_VARIABLE([GNULIB_RAWMEMCHR]) gl_MODULE_INDICATOR_INIT_VARIABLE([GNULIB_STPCPY]) gl_MODULE_INDICATOR_INIT_VARIABLE([GNULIB_STPNCPY]) 
@@ -107,6 +109,7 @@ AC_DEFUN([gl_STRING_H_DEFAULTS], HAVE_FFSLL=1; AC_SUBST([HAVE_FFSLL]) HAVE_DECL_MEMMEM=1; AC_SUBST([HAVE_DECL_MEMMEM]) HAVE_MEMPCPY=1; AC_SUBST([HAVE_MEMPCPY]) + HAVE_MEMSET_EXPLICIT=1; AC_SUBST([HAVE_MEMSET_EXPLICIT]) HAVE_DECL_MEMRCHR=1; AC_SUBST([HAVE_DECL_MEMRCHR]) HAVE_RAWMEMCHR=1; AC_SUBST([HAVE_RAWMEMCHR]) HAVE_STPCPY=1; AC_SUBST([HAVE_STPCPY])