1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3 * Copyright (c) 2014, STMicroelectronics International N.V.
4 */
5
6 /*
7 * This file provides extensions for functions not defined in <string.h>
8 */
9
10 #ifndef STRING_EXT_H
11 #define STRING_EXT_H
12
13 #include <stddef.h>
14 #include <sys/cdefs.h>
15
/*
 * Copy src to the string buffer dst, which is size bytes long. At most
 * size-1 characters will be copied. Always NUL terminates (unless size == 0).
 * Returns strlen(src); if retval >= size, truncation occurred.
 *
 * Truncation is silent unless the caller compares the return value with
 * size, so do that wherever a shortened string would change meaning
 * (paths, names, identifiers that are later compared or parsed).
 */
size_t strlcpy(char *dst, const char *src, size_t size);

/*
 * NOTE(review): the implementation is not visible from this header.
 * Presumably this follows the BSD strlcat() contract: src is appended to the
 * NUL-terminated string already in dst, size is the full size of the dst
 * buffer (not the space remaining), and a return value >= size means the
 * result was truncated - confirm before relying on it.
 */
size_t strlcat(char *dst, const char *src, size_t size);
23
/*
 * A constant-time version of memcmp(): compares the nb bytes at p1 and p2.
 *
 * Use it instead of memcmp() when either buffer is secret-dependent (MACs,
 * digests, keys, passwords), because an early-exit comparison reveals the
 * position of the first mismatch through timing.
 *
 * NOTE(review): test the result only for zero / non-zero. Whether it also
 * carries memcmp()-style ordering is not visible from this header - confirm.
 * The length nb is presumably not treated as secret.
 */
int consttime_memcmp(const void *p1, const void *p2, size_t nb);
26
/*
 * Deprecated alias kept for backward compatibility: forwards all three
 * arguments to consttime_memcmp() and hands back its result unchanged.
 * New code should call consttime_memcmp() directly.
 */
static inline int buf_compare_ct(const void *s1, const void *s2, size_t n)
{
	const int diff = consttime_memcmp(s1, s2, n);

	return diff;
}
32
/*
 * Variant of strdup() that uses nex_malloc() instead of malloc().
 *
 * NOTE(review): ownership rules are not visible from this header. Presumably
 * the result can be NULL on allocation failure and has to be released with
 * the free routine that matches nex_malloc(), not with free() - confirm.
 */
char *nex_strdup(const char *s);
35
/*
 * Like memset(s, 0, count) but prevents the compiler from optimizing the call
 * away. Such "dead store elimination" optimizations typically occur when
 * clearing a *local* variable that is not used after it is cleared; but
 * link-time optimization (LTO) can also trigger code elimination in other
 * circumstances. See "Dead Store Elimination (Still) Considered Harmful" [1]
 * for details and examples (and note that the Clang compiler enables LTO by
 * default!).
 *
 * [1] https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-yang.pdf
 *
 * Practically speaking:
 *
 * - Use memzero_explicit() to *clear* (as opposed to initialize) *sensitive*
 *   data (such as keys, passwords, cryptographic state);
 * - Otherwise, use memset().
 *
 * Only the count bytes starting at s are cleared. Copies of the same data
 * that ended up elsewhere (other buffers, temporaries the compiler spilled)
 * are not covered and have to be handled by the caller.
 */
void memzero_explicit(void *s, size_t count);
54
55 #endif /* STRING_EXT_H */
56