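/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (c) 2014, STMicroelectronics International N.V.
 */

/*
 * This file provides extensions for functions not defined in <string.h>
 */

#ifndef __STRING_EXT_H
#define __STRING_EXT_H

#include <stddef.h>
#include <sys/cdefs.h>

/*
 * Copy src to string dst of size bytes. At most size-1 characters
 * will be copied. Always NUL terminates (unless size == 0).
 * Returns strlen(src); if retval >= size, truncation occurred.
 *
 * Because the return value is strlen(src), src has to be a NUL-terminated
 * string. Callers for whom a truncated copy is unsafe (paths, identifiers,
 * anything later compared or used as a key) should check for retval >= size
 * instead of ignoring the result.
 */
size_t strlcpy(char *dst, const char *src, size_t size);

/*
 * Append src to the string already held in dst, where size is the size of
 * the whole dst buffer.
 *
 * NOTE(review): presumably follows the BSD strlcat() contract (result is NUL
 * terminated when dst already holds a terminated string shorter than size,
 * and retval >= size signals truncation) - confirm against the
 * implementation, which is not part of this header.
 */
size_t strlcat(char *dst, const char *src, size_t size);

/*
 * A constant-time version of memcmp()
 *
 * Compares nb bytes at p1 and p2. Meant for comparing secret-dependent data
 * (for example authentication tags or digests), where an early-exit memcmp()
 * would expose the position of the first differing byte through timing.
 *
 * NOTE(review): rely only on zero versus non-zero unless the implementation
 * documents a memcmp()-style ordering - confirm.
 */
int consttime_memcmp(const void *p1, const void *p2, size_t nb);

/*
 * Deprecated. For backward compatibility.
 *
 * Forwards its arguments unchanged to consttime_memcmp() and returns its
 * result; new code should call consttime_memcmp() directly.
 */
static inline int buf_compare_ct(const void *s1, const void *s2, size_t n)
{
	return consttime_memcmp(s1, s2, n);
}

/*
 * Variant of strdup() that uses nex_malloc() instead of malloc()
 *
 * NOTE(review): the result presumably can be NULL on allocation failure and
 * has to be released through the allocator matching nex_malloc() rather than
 * free() - confirm against the implementation.
 */
char *nex_strdup(const char *s);

/*
 * Like memset(s, 0, count) but prevents the compiler from optimizing the call
 * away. Such "dead store elimination" optimizations typically occur when
 * clearing a *local* variable that is not used after it is cleared; but
 * link-time optimization (LTO) can also trigger code elimination in other
 * circumstances. See "Dead Store Elimination (Still) Considered Harmful" [1]
 * for details and examples (and note that the Clang compiler enables LTO by
 * default!).
 *
 * [1] https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-yang.pdf
 *
 * Practically speaking:
 *
 * - Use memzero_explicit() to *clear* (as opposed to initialize) *sensitive*
 *   data (such as keys, passwords, cryptographic state);
 * - Otherwise, use memset().
 */
void memzero_explicit(void *s, size_t count);

#endif /* __STRING_EXT_H */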