Prefer memset_explicit(3) to clear memory, if available.

This function is defined in ISO/IEC 9899:2024, with the explicit guarantee the compiler will not optimize the memory overwrite away. Also prefer memset_s(3) over explicit_bzero(3), if available.
besser82 · Jan 16, 2025 · 4450c48 · 4450c48
1 parent 88ecfa5
commit 4450c48
Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/configure.ac b/configure.ac
@@ -244,6 +244,7 @@ AC_CHECK_FUNCS_ONCE([
   explicit_memset
   getentropy
   getrandom
+  memset_explicit
   memset_s
   open64
   syscall

diff --git a/lib/crypt-port.h b/lib/crypt-port.h
@@ -160,12 +160,16 @@ typedef union
    to whatever platform routine is available, or to our own fallback
    implementation.  */
 #define INCLUDE_explicit_bzero 0
-#if defined HAVE_EXPLICIT_BZERO
+#if defined HAVE_MEMSET_EXPLICIT
+/* Preferred over explicit_bzero, as this is part of the C23 standard.
+   See: ISO/IEC 9899:2024  */
+#define explicit_bzero(s, len) memset_explicit(s, 0, len)
+#elif defined HAVE_MEMSET_S
+#define explicit_bzero(s, len) memset_s(s, len, 0, len)
+#elif defined HAVE_EXPLICIT_BZERO
 /* nothing to do */
 #elif defined HAVE_EXPLICIT_MEMSET
 #define explicit_bzero(s, len) explicit_memset(s, 0, len)
-#elif defined HAVE_MEMSET_S
-#define explicit_bzero(s, len) memset_s(s, len, 0, len)
 #else
 /* activate our fallback implementation */
 #undef INCLUDE_explicit_bzero