From 420151dbd9e9737fcb7df46529b5fa63a10b8efa Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Thu, 17 Mar 2016 23:21:33 +0800
Subject: [PATCH] move m_burn and function attributes to dbhelpers use m_burn
 for libtomcrypt zeromem() too

---
 Makefile.in                               |  2 +-
 bignum.h                                  |  3 +--
 dbhelpers.c                               | 25 +++++++++++++++++++++++
 dbhelpers.h                               | 21 +++++++++++++++++++
 dbutil.c                                  | 22 --------------------
 dbutil.h                                  | 12 +----------
 libtomcrypt/src/headers/tomcrypt_custom.h |  2 +-
 libtomcrypt/src/misc/zeromem.c            |  7 ++-----
 libtommath/bn_mp_clear.c                  |  2 +-
 9 files changed, 53 insertions(+), 43 deletions(-)
 create mode 100644 dbhelpers.c
 create mode 100644 dbhelpers.h

diff --git a/Makefile.in b/Makefile.in
index becc4ab7..d9bfdfaf 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -24,7 +24,7 @@ CFLAGS+=-I$(srcdir)/libtomcrypt/src/headers/
 LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM) 
 endif
 
-COMMONOBJS=dbutil.o buffer.o \
+COMMONOBJS=dbutil.o buffer.o dbhelpers.o \
 		dss.o bignum.o \
 		signkey.o rsa.o dbrandom.o \
 		queue.o \
diff --git a/bignum.h b/bignum.h
index d05e8b77..59702c3d 100644
--- a/bignum.h
+++ b/bignum.h
@@ -25,8 +25,7 @@
 #ifndef DROPBEAR_BIGNUM_H_
 #define DROPBEAR_BIGNUM_H_
 
-#include "includes.h"
-#include "dbutil.h"
+#include "dbhelpers.h"
 
 void m_mp_init(mp_int *mp);
 void m_mp_init_multi(mp_int *mp, ...) ATTRIB_SENTINEL;
diff --git a/dbhelpers.c b/dbhelpers.c
new file mode 100644
index 00000000..f7461d99
--- /dev/null
+++ b/dbhelpers.c
@@ -0,0 +1,25 @@
+#include "dbhelpers.h"
+#include "includes.h"
+
+/* Erase data */
+void m_burn(void *data, unsigned int len) {
+
+#if defined(HAVE_MEMSET_S)
+	memset_s(data, len, 0x0, len);
+#elif defined(HAVE_EXPLICIT_BZERO)
+	explicit_bzero(data, len);
+#else
+/* Based on the method in David Wheeler's
+ * "Secure Programming for Linux and Unix HOWTO". May not be safe
+ * against link-time optimisation. */
+	volatile char *p = data;
+
+	if (data == NULL)
+		return;
+	while (len--) {
+		*p++ = 0x0;
+	}
+#endif
+}
+
+
diff --git a/dbhelpers.h b/dbhelpers.h
new file mode 100644
index 00000000..d47707e0
--- /dev/null
+++ b/dbhelpers.h
@@ -0,0 +1,21 @@
+#ifndef DROPBEAR_DBHELPERS_H_
+#define DROPBEAR_DBHELPERS_H_
+
+/* This header defines some things that are also used by libtomcrypt/math. 
+   We avoid including normal include.h since that can result in conflicting 
+   definitinos - only include config.h */
+#include "config.h"
+
+#ifdef __GNUC__
+#define ATTRIB_PRINTF(fmt,args) __attribute__((format(printf, fmt, args))) 
+#define ATTRIB_NORETURN __attribute__((noreturn))
+#define ATTRIB_SENTINEL __attribute__((sentinel))
+#else
+#define ATTRIB_PRINTF(fmt,args)
+#define ATTRIB_NORETURN
+#define ATTRIB_SENTINEL
+#endif
+
+void m_burn(void* data, unsigned int len);
+
+#endif /* DROPBEAR_DBHELPERS_H_ */
diff --git a/dbutil.c b/dbutil.c
index 27f0fd11..ef068024 100644
--- a/dbutil.c
+++ b/dbutil.c
@@ -559,28 +559,6 @@ void * m_realloc(void* ptr, size_t size) {
 	return ret;
 }
 
-/* Clear the data, based on the method in David Wheeler's
- * "Secure Programming for Linux and Unix HOWTO" */
-/* Beware of calling this from within dbutil.c - things might get
- * optimised away */
-void m_burn(void *data, unsigned int len) {
-
-#if defined(HAVE_MEMSET_S)
-	memset_s(data, len, 0x0, len);
-#elif defined(HAVE_EXPLICIT_BZERO)
-	explicit_bzero(data, len);
-#else
-	volatile char *p = data;
-
-	if (data == NULL)
-		return;
-	while (len--) {
-		*p++ = 0x0;
-	}
-#endif
-}
-
-
 void setnonblocking(int fd) {
 
 	TRACE(("setnonblocking: %d", fd))
diff --git a/dbutil.h b/dbutil.h
index bc7dfa28..8d589edb 100644
--- a/dbutil.h
+++ b/dbutil.h
@@ -29,21 +29,12 @@
 #include "includes.h"
 #include "buffer.h"
 #include "queue.h"
+#include "dbhelpers.h"
 
 #ifndef DISABLE_SYSLOG
 void startsyslog(const char *ident);
 #endif
 
-#ifdef __GNUC__
-#define ATTRIB_PRINTF(fmt,args) __attribute__((format(printf, fmt, args))) 
-#define ATTRIB_NORETURN __attribute__((noreturn))
-#define ATTRIB_SENTINEL __attribute__((sentinel))
-#else
-#define ATTRIB_PRINTF(fmt,args)
-#define ATTRIB_NORETURN
-#define ATTRIB_SENTINEL
-#endif
-
 extern void (*_dropbear_exit)(int exitcode, const char* format, va_list param) ATTRIB_NORETURN;
 extern void (*_dropbear_log)(int priority, const char* format, va_list param);
 
@@ -79,7 +70,6 @@ void * m_malloc(size_t size);
 void * m_strdup(const char * str);
 void * m_realloc(void* ptr, size_t size);
 #define m_free(X) do {free(X); (X) = NULL;} while (0)
-void m_burn(void* data, unsigned int len);
 void setnonblocking(int fd);
 void disallow_core(void);
 int m_str_to_uint(const char* str, unsigned int *val);
diff --git a/libtomcrypt/src/headers/tomcrypt_custom.h b/libtomcrypt/src/headers/tomcrypt_custom.h
index cbfaeb31..82cb26e5 100644
--- a/libtomcrypt/src/headers/tomcrypt_custom.h
+++ b/libtomcrypt/src/headers/tomcrypt_custom.h
@@ -1,7 +1,7 @@
 #ifndef TOMCRYPT_CUSTOM_H_
 #define TOMCRYPT_CUSTOM_H_
 
-/* this will sort out which stuff based on the user-config in options.h */
+/* compile options depend on Dropbear options.h */
 #include "options.h"
 
 /* macros for various libc functions you can change for embedded targets */
diff --git a/libtomcrypt/src/misc/zeromem.c b/libtomcrypt/src/misc/zeromem.c
index 42dc3c2c..9f6ba9bf 100644
--- a/libtomcrypt/src/misc/zeromem.c
+++ b/libtomcrypt/src/misc/zeromem.c
@@ -9,6 +9,7 @@
  * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
  */
 #include "tomcrypt.h"
+#include "dbhelpers.h"
 
 /**
    @file zeromem.c
@@ -22,11 +23,7 @@
 */
 void zeromem(void *out, size_t outlen)
 {
-   unsigned char *mem = out;
-   LTC_ARGCHKVD(out != NULL);
-   while (outlen-- > 0) {
-      *mem++ = 0;
-   }
+   m_burn(out, outlen);
 }
 
 /* $Source: /cvs/libtom/libtomcrypt/src/misc/zeromem.c,v $ */
diff --git a/libtommath/bn_mp_clear.c b/libtommath/bn_mp_clear.c
index 4b8a10e8..16f79827 100644
--- a/libtommath/bn_mp_clear.c
+++ b/libtommath/bn_mp_clear.c
@@ -1,5 +1,5 @@
 #include <tommath.h>
-#include "dbutil.h"
+#include "dbhelpers.h"
 #ifdef BN_MP_CLEAR_C
 /* LibTomMath, multiple-precision integer library -- Tom St Denis
  *
-- 
GitLab