authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-08-07 16:27:19 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-08-08 16:32:19 +0200
commit1f6a8edbc451f9fec0cbbf281673a0ef67c3fbdd (patch)
tree9f50ac6c9b68d8677744d3e7b565378927578886
parent3aeb9c1443f74ee1107772608afbc1041d65c958 (diff)
downloadgnutls-1f6a8edbc451f9fec0cbbf281673a0ef67c3fbdd.tar.gz
gnutls_memset: use explicit_bzero
That is, use the glibc function when available and the second parameter is zero. Resolves #230 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--configure.ac2
-rw-r--r--lib/safe-memfuncs.c17
-rw-r--r--tests/Makefile.am12
-rw-r--r--tests/memset.c1
4 files changed, 20 insertions, 12 deletions
diff --git a/configure.ac b/configure.ac
index 9e16a5cd07..3001d212e1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -293,7 +293,7 @@ AC_C_BIGENDIAN
dnl No fork on MinGW, disable some self-tests until we fix them.
dnl Check clock_gettime and pthread_mutex_lock in libc (avoid linking to other libs)
-AC_CHECK_FUNCS([fork setitimer inet_ntop inet_pton getrusage getpwuid_r nanosleep daemon getpid localtime vasprintf mmap],,)
+AC_CHECK_FUNCS([fork setitimer inet_ntop inet_pton getrusage getpwuid_r nanosleep daemon getpid localtime vasprintf mmap explicit_bzero],,)
dnl Manually check some functions by including headers first. On macOS, you
dnl normally only have the latest SDK available, containing all existing
dnl functions, but having them restricted according to target version in
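Review bot: Adding `explicit_bzero` to `AC_CHECK_FUNCS` only proves the symbol links; it does not prove that a prototype is visible through `<string.h>`, the header the lib/safe-memfuncs.c hunk includes. On a libc that declares it elsewhere or behind a feature macro, the call would compile against an implicit declaration, or fail under stricter warning flags. The comment just below this line describes header-first checks for exactly that situation, so something like `AC_CHECK_DECLS([explicit_bzero], [], [], [[#include <string.h>]])` next to it would be the safer probe. Whether `HAVE_EXPLICIT_BZERO` is ever set on such a platform cannot be told from this hunk.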
diff --git a/lib/safe-memfuncs.c b/lib/safe-memfuncs.c
index e5673e5737..5e413c9486 100644
--- a/lib/safe-memfuncs.c
+++ b/lib/safe-memfuncs.c
@@ -18,11 +18,8 @@
*
*/
-#ifdef TEST_SAFE_MEMSET
-# include <string.h>
-#else
-# include "gnutls_int.h"
-#endif
+#include "gnutls_int.h"
+#include <string.h>
/**
* gnutls_memset:
@@ -33,14 +30,18 @@
* This function will operate similarly to memset(), but will
* not be optimized out by the compiler.
*
- * Returns: void.
- *
* Since: 3.4.0
**/
void gnutls_memset(void *data, int c, size_t size)
{
- volatile unsigned volatile_zero = 0;
+ volatile unsigned volatile_zero;
volatile char *vdata = (volatile char*)data;
+#ifdef HAVE_EXPLICIT_BZERO
+ if (c == 0) {
+ explicit_bzero(data, size);
+ }
+#endif
+ volatile_zero = 0;
/* This is based on a nice trick for safe memset,
* sent by David Jacobson in the openssl-dev mailing list.
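Review bot: The `c == 0` branch added under `HAVE_EXPLICIT_BZERO` has no `return` after `explicit_bzero(data, size);`, so as far as the hunk shows, control continues to `volatile_zero = 0;` and the volatile-pointer fallback, and every zeroization writes the buffer twice. Adding `return;` inside the branch would make explicit_bzero the only path for the zero case. It would also make a test with a zero fill value depend on explicit_bzero itself, not on the fallback that currently runs after it. The doc comment could record the behaviour too, e.g. ` * When @c is zero and explicit_bzero() is available, it is used directly.` The body of gnutls_memset continues past the end of the hunk, so the fallback loop itself is not visible here.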
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 87da31a25d..646aa819bd 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -147,13 +147,13 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
mini-emsgsize-dtls chainverify-unsorted mini-overhead tls12-ffdhe \
mini-dtls-heartbeat mini-x509-callbacks key-openssl priorities priorities-groups \
gnutls_x509_privkey_import gnutls_x509_crt_list_import \
- sign-verify-ext4 tls-neg-ext4-key resume-lifetime \
+ sign-verify-ext4 tls-neg-ext4-key resume-lifetime memset0 memset1 \
mini-dtls-srtp rsa-encrypt-decrypt mini-loss-time gnutls-strcodes \
mini-record mini-dtls-record handshake-timeout mini-record-range \
mini-cert-status fips-mode-pthread rsa-psk global-init sec-params sign-verify-data \
fips-test fips-override-test mini-global-load name-constraints x509-extensions \
long-session-id mini-x509-callbacks-intr mini-dtls-lowmtu set_x509_key_file-late \
- crlverify mini-dtls-discard init_fds mini-record-failure memset \
+ crlverify mini-dtls-discard init_fds mini-record-failure \
tls12-rehandshake-cert-2 custom-urls set_x509_key_mem set_x509_key_file \
mini-chain-unsorted x509-verify-with-crl mini-dtls-mtu privkey-verify-broken \
mini-dtls-record-asym key-import-export priority-set priority-set2 \
@@ -236,6 +236,14 @@ fips_mode_pthread_LDADD = $(LDADD) -lpthread
mini_dtls_pthread_LDADD = $(LDADD) -lpthread
rng_pthread_LDADD = $(LDADD) -lpthread
+memset0_CFLAGS = -DCHAR=0x0
+memset0_SOURCES = memset.c
+memset0_LDADD = $(LDADD)
+
+memset1_CFLAGS = -DCHAR=0xa
+memset1_SOURCES = memset.c
+memset1_LDADD = $(LDADD)
+
tls12_rollback_detection_CFLAGS = -DTLS12
tls12_rollback_detection_SOURCES = tls13/rnd-rollback-detection.c
tls12_rollback_detection_LDADD = $(LDADD) ../gl/libgnu.la
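Review bot: `memset0_CFLAGS = -DCHAR=0x0` and `memset1_CFLAGS = -DCHAR=0xa` are now the only definitions of `CHAR`, because the tests/memset.c hunk of this commit removes `#define CHAR 0x0a`. Nothing at either site explains that coupling, and building memset.c any other way fails on an undeclared identifier instead of a clear message. A short comment above the two targets would help, e.g. `# memset.c is built twice: CHAR=0 takes the explicit_bzero path when available, CHAR=0xa the generic one`. A guard in memset.c would make the requirement explicit: `#ifndef CHAR` / `# error "CHAR must be set by the build (see tests/Makefile.am)"` / `#endif`. That CHAR is the fill value passed to gnutls_memset is inferred from the commit message; the test body is not shown.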
diff --git a/tests/memset.c b/tests/memset.c
index 574df7caca..b39f289b4a 100644
--- a/tests/memset.c
+++ b/tests/memset.c
@@ -33,7 +33,6 @@
#include "utils.h"
#define BUF_SIZE 128
-#define CHAR 0x0a
void func1(void);
void func2(void);