[PROPOSED 4/4] explicit_bzero: implement via memset_explicit

From: Paul Eggert <eggert@cs.ucla.edu>
To: bug-gnulib@gnu.org
Cc: Paul Eggert <eggert@cs.ucla.edu>
Subject: [PROPOSED 4/4] explicit_bzero: implement via memset_explicit
Date: Sun, 27 Nov 2022 20:55:43 -0800	[thread overview]
Message-ID: <20221128045543.1355731-5-eggert@cs.ucla.edu> (raw)
In-Reply-To: <20221128045543.1355731-1-eggert@cs.ucla.edu>

* lib/explicit_bzero.c (explicit_bzero):
Simplify by just calling memset_explicit.
* m4/explicit_bzero.m4 (gl_PREREQ_EXPLICIT_BZERO):
Now a no-op.
* modules/explicit_bzero (Depends-on): Add memset_explicit.
(configure.ac): No need to worry about gl_PREREQ_EXPLICIT_BZERO.
---
 ChangeLog              |  8 +++++
 lib/explicit_bzero.c   | 69 +++++++-----------------------------------
 m4/explicit_bzero.m4   |  7 ++---
 modules/explicit_bzero |  4 +--
 4 files changed, 22 insertions(+), 66 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ea76fef399..26dfd4174c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2022-11-27  Paul Eggert  <eggert@cs.ucla.edu>
 
+	explicit_bzero: implement via memset_explicit
+	* lib/explicit_bzero.c (explicit_bzero):
+	Simplify by just calling memset_explicit.
+	* m4/explicit_bzero.m4 (gl_PREREQ_EXPLICIT_BZERO):
+	Now a no-op.
+	* modules/explicit_bzero (Depends-on): Add memset_explicit.
+	(configure.ac): No need to worry about gl_PREREQ_EXPLICIT_BZERO.
+
 	explicit_bzero: memset_explicit is standard
 	* doc/glibc-functions/explicit_bzero.texi:
 	Say that memset_explicit is preferred in new code.
diff --git a/lib/explicit_bzero.c b/lib/explicit_bzero.c
index 584f982924..fc309f81d6 100644
--- a/lib/explicit_bzero.c
+++ b/lib/explicit_bzero.c
@@ -1,74 +1,27 @@
 /* Erasure of sensitive data, generic implementation.
    Copyright (C) 2016-2022 Free Software Foundation, Inc.
-   This file is part of the GNU C Library.
 
-   The GNU C Library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 2.1 of the License, or (at your option) any later version.
+   This file is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Lesser General Public License as
+   published by the Free Software Foundation; either version 2.1 of the
+   License, or (at your option) any later version.
 
-   The GNU C Library is distributed in the hope that it will be useful,
+   This file is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Lesser General Public License for more details.
 
-   You should have received a copy of the GNU Lesser General Public
-   License along with the GNU C Library; if not, see
-   <https://www.gnu.org/licenses/>.  */
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
 
-/* An assembler implementation of explicit_bzero can be created as an
-   assembler alias of an optimized bzero implementation.
-   Architecture-specific implementations also need to define
-   __explicit_bzero_chk.  */
-
-#if !_LIBC
-# include <config.h>
-#endif
-
-/* memset_s need this define */
-#if HAVE_MEMSET_S
-# define __STDC_WANT_LIB_EXT1__ 1
-#endif
+#include <config.h>
 
 #include <string.h>
 
-#if defined _WIN32 && !defined __CYGWIN__
-# define  WIN32_LEAN_AND_MEAN
-# include <windows.h>
-#endif
-
-#if _LIBC
-/* glibc-internal users use __explicit_bzero_chk, and explicit_bzero
-   redirects to that.  */
-# undef explicit_bzero
-#endif
-
 /* Set LEN bytes of S to 0.  The compiler will not delete a call to
    this function, even if S is dead after the call.  */
 void
 explicit_bzero (void *s, size_t len)
 {
-#if defined _WIN32 && !defined __CYGWIN__
-  (void) SecureZeroMemory (s, len);
-#elif HAVE_EXPLICIT_MEMSET
-  explicit_memset (s, '\0', len);
-#elif HAVE_MEMSET_S
-  (void) memset_s (s, len, '\0', len);
-#elif defined __GNUC__ && !defined __clang__
-  memset (s, '\0', len);
-  /* Compiler barrier.  */
-  __asm__ volatile ("" ::: "memory");
-#elif defined __clang__
-  memset (s, '\0', len);
-  /* Compiler barrier.  */
-  /* With asm ("" ::: "memory") LLVM analyzes uses of 's' and finds that the
-     whole thing is dead and eliminates it.  Use 'g' to work around this
-     problem.  See <https://bugs.llvm.org/show_bug.cgi?id=15495#c11>.  */
-  __asm__ volatile ("" : : "g"(s) : "memory");
-#else
-  /* Invoke memset through a volatile function pointer.  This defeats compiler
-     optimizations.  */
-  void * (* const volatile volatile_memset) (void *, int, size_t) = memset;
-  (void) volatile_memset (s, '\0', len);
-#endif
+  memset_explicit (s, 0, len);
 }
diff --git a/m4/explicit_bzero.m4 b/m4/explicit_bzero.m4
index 3b4ef8c3cc..6e6f2b4037 100644
--- a/m4/explicit_bzero.m4
+++ b/m4/explicit_bzero.m4
@@ -16,8 +16,5 @@ AC_DEFUN([gl_FUNC_EXPLICIT_BZERO],
   fi
 ])
 
-AC_DEFUN([gl_PREREQ_EXPLICIT_BZERO],
-[
-  AC_CHECK_FUNCS([explicit_memset])
-  AC_CHECK_FUNCS_ONCE([memset_s])
-])
+dnl Defined for backward compatibility.
+AC_DEFUN([gl_PREREQ_EXPLICIT_BZERO], [:])
diff --git a/modules/explicit_bzero b/modules/explicit_bzero
index bb5f8a5310..8ba9a06ada 100644
--- a/modules/explicit_bzero
+++ b/modules/explicit_bzero
@@ -7,14 +7,12 @@ m4/explicit_bzero.m4
 
 Depends-on:
 extensions
+memset_explicit
 string
 
 configure.ac:
 gl_FUNC_EXPLICIT_BZERO
 gl_CONDITIONAL([GL_COND_OBJ_EXPLICIT_BZERO], [test $HAVE_EXPLICIT_BZERO = 0])
-AM_COND_IF([GL_COND_OBJ_EXPLICIT_BZERO], [
-  gl_PREREQ_EXPLICIT_BZERO
-])
 gl_STRING_MODULE_INDICATOR([explicit_bzero])
 
 Makefile.am:
-- 
2.37.2


