move m_burn and function attributes to dbhelpers

use m_burn for libtomcrypt zeromem() too

9 files changed, 53 insertions, 43 deletions

diff --git a/Makefile.in b/Makefile.in
index becc4ab..d9bfdfa 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -24,7 +24,7 @@ CFLAGS+=-I$(srcdir)/libtomcrypt/src/headers/
 LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM) 
 endif
 
-COMMONOBJS=dbutil.o buffer.o \
+COMMONOBJS=dbutil.o buffer.o dbhelpers.o \
 		dss.o bignum.o \
 		signkey.o rsa.o dbrandom.o \
 		queue.o \
diff --git a/bignum.h b/bignum.h
index d05e8b7..59702c3 100644
--- a/bignum.h
+++ b/bignum.h
@@ -25,8 +25,7 @@
 #ifndef DROPBEAR_BIGNUM_H_
 #define DROPBEAR_BIGNUM_H_
 
-#include "includes.h"
-#include "dbutil.h"
+#include "dbhelpers.h"
 
 void m_mp_init(mp_int *mp);
 void m_mp_init_multi(mp_int *mp, ...) ATTRIB_SENTINEL;
diff --git a/dbhelpers.c b/dbhelpers.c
new file mode 100644
index 0000000..f7461d9
--- /dev/null
+++ b/dbhelpers.c
@@ -0,0 +1,25 @@
+#include "dbhelpers.h"
+#include "includes.h"
+
+/* Erase data */
+void m_burn(void *data, unsigned int len) {
+
+#if defined(HAVE_MEMSET_S)
+	memset_s(data, len, 0x0, len);
+#elif defined(HAVE_EXPLICIT_BZERO)
+	explicit_bzero(data, len);
+#else
+/* Based on the method in David Wheeler's
+ * "Secure Programming for Linux and Unix HOWTO". May not be safe
+ * against link-time optimisation. */
+	volatile char *p = data;
+
+	if (data == NULL)
+		return;
+	while (len--) {
+		*p++ = 0x0;
+	}
+#endif
+}
+
+
diff --git a/dbhelpers.h b/dbhelpers.h
new file mode 100644
index 0000000..d47707e
--- /dev/null
+++ b/dbhelpers.h
@@ -0,0 +1,21 @@
+#ifndef DROPBEAR_DBHELPERS_H_
+#define DROPBEAR_DBHELPERS_H_
+
+/* This header defines some things that are also used by libtomcrypt/math. 
+   We avoid including normal include.h since that can result in conflicting 
+   definitinos - only include config.h */
+#include "config.h"
+
+#ifdef __GNUC__
+#define ATTRIB_PRINTF(fmt,args) __attribute__((format(printf, fmt, args))) 
+#define ATTRIB_NORETURN __attribute__((noreturn))
+#define ATTRIB_SENTINEL __attribute__((sentinel))
+#else
+#define ATTRIB_PRINTF(fmt,args)
+#define ATTRIB_NORETURN
+#define ATTRIB_SENTINEL
+#endif
+
+void m_burn(void* data, unsigned int len);
+
+#endif /* DROPBEAR_DBHELPERS_H_ */
diff --git a/dbutil.c b/dbutil.c
index 27f0fd1..ef06802 100644
--- a/dbutil.c
+++ b/dbutil.c
@@ -559,28 +559,6 @@ void * m_realloc(void* ptr, size_t size) {
 	return ret;
 }
 
-/* Clear the data, based on the method in David Wheeler's
- * "Secure Programming for Linux and Unix HOWTO" */
-/* Beware of calling this from within dbutil.c - things might get
- * optimised away */
-void m_burn(void *data, unsigned int len) {
-
-#if defined(HAVE_MEMSET_S)
-	memset_s(data, len, 0x0, len);
-#elif defined(HAVE_EXPLICIT_BZERO)
-	explicit_bzero(data, len);
-#else
-	volatile char *p = data;
-
-	if (data == NULL)
-		return;
-	while (len--) {
-		*p++ = 0x0;
-	}
-#endif
-}
-
-
 void setnonblocking(int fd) {
 
 	TRACE(("setnonblocking: %d", fd))
diff --git a/dbutil.h b/dbutil.h
index bc7dfa2..8d589ed 100644
--- a/dbutil.h
+++ b/dbutil.h
@@ -29,21 +29,12 @@
 #include "includes.h"
 #include "buffer.h"
 #include "queue.h"
+#include "dbhelpers.h"
 
 #ifndef DISABLE_SYSLOG
 void startsyslog(const char *ident);
 #endif
 
-#ifdef __GNUC__
-#define ATTRIB_PRINTF(fmt,args) __attribute__((format(printf, fmt, args))) 
-#define ATTRIB_NORETURN __attribute__((noreturn))
-#define ATTRIB_SENTINEL __attribute__((sentinel))
-#else
-#define ATTRIB_PRINTF(fmt,args)
-#define ATTRIB_NORETURN
-#define ATTRIB_SENTINEL
-#endif
-
 extern void (*_dropbear_exit)(int exitcode, const char* format, va_list param) ATTRIB_NORETURN;
 extern void (*_dropbear_log)(int priority, const char* format, va_list param);
 
@@ -79,7 +70,6 @@ void * m_malloc(size_t size);
 void * m_strdup(const char * str);
 void * m_realloc(void* ptr, size_t size);
 #define m_free(X) do {free(X); (X) = NULL;} while (0)
-void m_burn(void* data, unsigned int len);
 void setnonblocking(int fd);
 void disallow_core(void);
 int m_str_to_uint(const char* str, unsigned int *val);
diff --git a/libtomcrypt/src/headers/tomcrypt_custom.h b/libtomcrypt/src/headers/tomcrypt_custom.h
index cbfaeb3..82cb26e 100644
--- a/libtomcrypt/src/headers/tomcrypt_custom.h
+++ b/libtomcrypt/src/headers/tomcrypt_custom.h
@@ -1,7 +1,7 @@
 #ifndef TOMCRYPT_CUSTOM_H_
 #define TOMCRYPT_CUSTOM_H_
 
-/* this will sort out which stuff based on the user-config in options.h */
+/* compile options depend on Dropbear options.h */
 #include "options.h"
 
 /* macros for various libc functions you can change for embedded targets */
diff --git a/libtomcrypt/src/misc/zeromem.c b/libtomcrypt/src/misc/zeromem.c
index 42dc3c2..9f6ba9b 100644
--- a/libtomcrypt/src/misc/zeromem.c
+++ b/libtomcrypt/src/misc/zeromem.c
@@ -9,6 +9,7 @@
  * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
  */
 #include "tomcrypt.h"
+#include "dbhelpers.h"
 
 /**
    @file zeromem.c
@@ -22,11 +23,7 @@
 */
 void zeromem(void *out, size_t outlen)
 {
-   unsigned char *mem = out;
-   LTC_ARGCHKVD(out != NULL);
-   while (outlen-- > 0) {
-      *mem++ = 0;
-   }
+   m_burn(out, outlen);
 }
 
 /* $Source: /cvs/libtom/libtomcrypt/src/misc/zeromem.c,v $ */
diff --git a/libtommath/bn_mp_clear.c b/libtommath/bn_mp_clear.c
index 4b8a10e..16f7982 100644
--- a/libtommath/bn_mp_clear.c
+++ b/libtommath/bn_mp_clear.c
@@ -1,5 +1,5 @@
 #include <tommath.h>
-#include "dbutil.h"
+#include "dbhelpers.h"
 #ifdef BN_MP_CLEAR_C
 /* LibTomMath, multiple-precision integer library -- Tom St Denis
  *