1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 */ 5 6 /* 7 * This file provides extensions for functions not defined in <string.h> 8 */ 9 10 #ifndef __STRING_EXT_H 11 #define __STRING_EXT_H 12 13 #include <stddef.h> 14 #include <sys/cdefs.h> 15 16 /* 17 * Copy src to string dst of siz size. At most siz-1 characters 18 * will be copied. Always NUL terminates (unless siz == 0). 19 * Returns strlen(src); if retval >= siz, truncation occurred. 20 */ 21 size_t strlcpy(char *dst, const char *src, size_t size); 22 size_t strlcat(char *dst, const char *src, size_t size); 23 24 /* A constant-time version of memcmp() */ 25 int consttime_memcmp(const void *p1, const void *p2, size_t nb); 26 27 /* Deprecated. For backward compatibility. */ 28 static inline int buf_compare_ct(const void *s1, const void *s2, size_t n) 29 { 30 return consttime_memcmp(s1, s2, n); 31 } 32 33 /* Variant of strdup() that uses nex_malloc() instead of malloc() */ 34 char *nex_strdup(const char *s); 35 36 /* 37 * Like memset(s, 0, count) but prevents the compiler from optimizing the call 38 * away. Such "dead store elimination" optimizations typically occur when 39 * clearing a *local* variable that is not used after it is cleared; but 40 * link-time optimization (LTO) can also trigger code elimination in other 41 * circumstances. See "Dead Store Elimination (Still) Considered Harmful" [1] 42 * for details and examples (and note that the Cland compiler enables LTO by 43 * default!). 44 * 45 * [1] https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-yang.pdf 46 * 47 * Practically speaking: 48 * 49 * - Use memzero_explicit() to *clear* (as opposed to initialize) *sensitive* 50 * data (such as keys, passwords, cryptographic state); 51 * - Otherwise, use memset(). 52 */ 53 void memzero_explicit(void *s, size_t count); 54 55 #endif /* __STRING_EXT_H */ 56