2 files changed, 0 insertions, 232 deletions
diff --git a/src/regress/lib/libc/explicit_bzero/Makefile b/src/regress/lib/libc/explicit_bzero/Makefile
deleted file mode 100644
index cd514a43a1..0000000000
--- a/src/regress/lib/libc/explicit_bzero/Makefile
+++ /dev/null
@@ -1,5 +0,0 @@
-#       $OpenBSD: Makefile,v 1.1 2014/06/12 22:01:55 matthew Exp $
-PROG=   explicit_bzero
-.include <bsd.regress.mk>
diff --git a/src/regress/lib/libc/explicit_bzero/explicit_bzero.c b/src/regress/lib/libc/explicit_bzero/explicit_bzero.c
deleted file mode 100644
index 30c86290e8..0000000000
--- a/src/regress/lib/libc/explicit_bzero/explicit_bzero.c
+++ /dev/null
@@ -1,227 +0,0 @@
-/*      $OpenBSD: explicit_bzero.c,v 1.10 2025/05/31 15:31:40 tb Exp $  */
-/*
- * Copyright (c) 2014 Google Inc.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include <assert.h>
-#include <errno.h>
-#include <signal.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#define ASSERT_EQ(a, b) assert((a) == (b))
-#define ASSERT_NE(a, b) assert((a) != (b))
-#define ASSERT_GE(a, b) assert((a) >= (b))
-#if defined(__has_feature)
-#if __has_feature(address_sanitizer)
-#ifndef __SANITIZE_ADDRESS__
-#define __SANITIZE_ADDRESS__
-#endif
-#endif
-#endif
-#ifdef __SANITIZE_ADDRESS__
-#define ATTRIBUTE_NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address))
-#else
-#define ATTRIBUTE_NO_SANITIZE_ADDRESS
-#endif
-/* 128 bits of random data. */
-static const char secret[16] = {
-        0xa0, 0x6c, 0x0c, 0x81, 0xba, 0xd8, 0x5b, 0x0c,
-        0xb0, 0xd6, 0xd4, 0xe3, 0xeb, 0x52, 0x5f, 0x96,
-};
-enum {
-        SECRETCOUNT = 64,
-        SECRETBYTES = SECRETCOUNT * sizeof(secret)
-};
-/*
- * As of glibc 2.34, when _GNU_SOURCE is defined, SIGSTKSZ is no longer
- * constant on Linux. SIGSTKSZ is redefined to sysconf (_SC_SIGSTKSZ).
- */
-static char *altstack;
-#define ALTSTACK_SIZE (SIGSTKSZ + SECRETBYTES)
-static void
-setup_stack(void)
-{
-        altstack = calloc(1, ALTSTACK_SIZE);
-        ASSERT_NE(NULL, altstack);
-        const stack_t sigstk = {
-                .ss_sp = altstack,
-                .ss_size = ALTSTACK_SIZE
-        };
-        ASSERT_EQ(0, sigaltstack(&sigstk, NULL));
-}
-static void
-cleanup_stack(void)
-{
-        free(altstack);
-}
-static void
-assert_on_stack(void)
-{
-        stack_t cursigstk;
-        ASSERT_EQ(0, sigaltstack(NULL, &cursigstk));
-        ASSERT_EQ(SS_ONSTACK, cursigstk.ss_flags & (SS_DISABLE|SS_ONSTACK));
-}
-static void
-call_on_stack(void (*fn)(int))
-{
-        /*
-         * This is a bit more complicated than strictly necessary, but
-         * it ensures we don't have any flaky test failures due to
-         * inherited signal masks/actions/etc.
-         *
-         * On systems where SA_ONSTACK is not supported, this could
-         * alternatively be implemented using makecontext() or
-         * pthread_attr_setstack().
-         */
-        const struct sigaction sigact = {
-                .sa_handler = fn,
-                .sa_flags = SA_ONSTACK,
-        };
-        struct sigaction oldsigact;
-        sigset_t sigset, oldsigset;
-        /* First, block all signals. */
-        ASSERT_EQ(0, sigemptyset(&sigset));
-        ASSERT_EQ(0, sigfillset(&sigset));
-        ASSERT_EQ(0, sigprocmask(SIG_BLOCK, &sigset, &oldsigset));
-        /* Next setup the signal handler for SIGUSR1. */
-        ASSERT_EQ(0, sigaction(SIGUSR1, &sigact, &oldsigact));
-        /* Raise SIGUSR1 and momentarily unblock it to run the handler. */
-        ASSERT_EQ(0, raise(SIGUSR1));
-        ASSERT_EQ(0, sigdelset(&sigset, SIGUSR1));
-        ASSERT_EQ(-1, sigsuspend(&sigset));
-        ASSERT_EQ(EINTR, errno);
-        /* Restore the original signal action, stack, and mask. */
-        ASSERT_EQ(0, sigaction(SIGUSR1, &oldsigact, NULL));
-        ASSERT_EQ(0, sigprocmask(SIG_SETMASK, &oldsigset, NULL));
-}
-static void
-populate_secret(char *buf, size_t len)
-{
-        int i, fds[2];
-        ASSERT_EQ(0, pipe(fds));
-        for (i = 0; i < SECRETCOUNT; i++)
-                ASSERT_EQ(sizeof(secret), write(fds[1], secret, sizeof(secret)));
-        ASSERT_EQ(0, close(fds[1]));
-        ASSERT_EQ(len, read(fds[0], buf, len));
-        ASSERT_EQ(0, close(fds[0]));
-}
-static int
-count_secrets(const char *buf)
-{
-        int res = 0;
-        size_t i;
-        for (i = 0; i < SECRETCOUNT; i++) {
-                if (memcmp(buf + i * sizeof(secret), secret,
-                    sizeof(secret)) == 0)
-                        res += 1;
-        }
-        return (res);
-}
-ATTRIBUTE_NO_SANITIZE_ADDRESS static char *
-test_without_bzero(void)
-{
-        char buf[SECRETBYTES];
-        assert_on_stack();
-        populate_secret(buf, sizeof(buf));
-        char *res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf));
-        ASSERT_NE(NULL, res);
-        return (res);
-}
-ATTRIBUTE_NO_SANITIZE_ADDRESS static char *
-test_with_bzero(void)
-{
-        char buf[SECRETBYTES];
-        assert_on_stack();
-        populate_secret(buf, sizeof(buf));
-        char *res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf));
-        ASSERT_NE(NULL, res);
-        explicit_bzero(buf, sizeof(buf));
-        return (res);
-}
-static void
-do_test_without_bzero(int signo)
-{
-        char *buf = test_without_bzero();
-        ASSERT_GE(count_secrets(buf), 1);
-}
-static void
-do_test_with_bzero(int signo)
-{
-        char *buf = test_with_bzero();
-        ASSERT_EQ(count_secrets(buf), 0);
-}
-int
-main(void)
-{
-        setup_stack();
-        /*
-         * Solaris and OS X clobber the signal stack after returning to the
-         * normal stack, so we need to inspect altstack while we're still
-         * running on it.  Unfortunately, this means we risk clobbering the
-         * buffer ourselves.
-         *
-         * To minimize this risk, test_with{,out}_bzero() are responsible for
-         * locating the offset of their buf variable within altstack, and
-         * and returning that address.  Then we can simply memcmp() repeatedly
-         * to count how many instances of secret we found.
-         */
-        /*
-         * First, test that if we *don't* call explicit_bzero, that we
-         * *are* able to find at least one instance of the secret data still
-         * on the stack.  This sanity checks that call_on_stack() and
-         * populate_secret() work as intended.
-         */
-        memset(altstack, 0, ALTSTACK_SIZE);
-        call_on_stack(do_test_without_bzero);
-        /*
-         * Now test with a call to explicit_bzero() and check that we
-         * *don't* find any instances of the secret data.
-         */
-        memset(altstack, 0, ALTSTACK_SIZE);
-        call_on_stack(do_test_with_bzero);
-        cleanup_stack();
-        return (0);
-}

diff --git a/src/regress/lib/libc/explicit_bzero/Makefile b/src/regress/lib/libc/explicit_bzero/Makefile deleted file mode 100644 index cd514a43a1..0000000000 --- a/src/regress/lib/libc/explicit_bzero/Makefile +++ /dev/null
@@ -1,5 +0,0 @@
1	# $OpenBSD: Makefile,v 1.1 2014/06/12 22:01:55 matthew Exp $
2
3	PROG= explicit_bzero
4
5	.include <bsd.regress.mk>


diff --git a/src/regress/lib/libc/explicit_bzero/explicit_bzero.c b/src/regress/lib/libc/explicit_bzero/explicit_bzero.c deleted file mode 100644 index 30c86290e8..0000000000 --- a/src/regress/lib/libc/explicit_bzero/explicit_bzero.c +++ /dev/null
@@ -1,227 +0,0 @@
1	/* $OpenBSD: explicit_bzero.c,v 1.10 2025/05/31 15:31:40 tb Exp $ */
2	/*
3	* Copyright (c) 2014 Google Inc.
4	*
5	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above
7	* copyright notice and this permission notice appear in all copies.
8	*
9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/
17
18	#include <assert.h>
19	#include <errno.h>
20	#include <signal.h>
21	#include <stdlib.h>
22	#include <string.h>
23	#include <unistd.h>
24
25	#define ASSERT_EQ(a, b) assert((a) == (b))
26	#define ASSERT_NE(a, b) assert((a) != (b))
27	#define ASSERT_GE(a, b) assert((a) >= (b))
28
29	#if defined(__has_feature)
30	#if __has_feature(address_sanitizer)
31	#ifndef __SANITIZE_ADDRESS__
32	#define __SANITIZE_ADDRESS__
33	#endif
34	#endif
35	#endif
36	#ifdef __SANITIZE_ADDRESS__
37	#define ATTRIBUTE_NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address))
38	#else
39	#define ATTRIBUTE_NO_SANITIZE_ADDRESS
40	#endif
41
42	/* 128 bits of random data. */
43	static const char secret[16] = {
44	0xa0, 0x6c, 0x0c, 0x81, 0xba, 0xd8, 0x5b, 0x0c,
45	0xb0, 0xd6, 0xd4, 0xe3, 0xeb, 0x52, 0x5f, 0x96,
46	};
47
48	enum {
49	SECRETCOUNT = 64,
50	SECRETBYTES = SECRETCOUNT * sizeof(secret)
51	};
52
53	/*
54	* As of glibc 2.34, when _GNU_SOURCE is defined, SIGSTKSZ is no longer
55	* constant on Linux. SIGSTKSZ is redefined to sysconf (_SC_SIGSTKSZ).
56	*/
57	static char *altstack;
58	#define ALTSTACK_SIZE (SIGSTKSZ + SECRETBYTES)
59
60	static void
61	setup_stack(void)
62	{
63	altstack = calloc(1, ALTSTACK_SIZE);
64	ASSERT_NE(NULL, altstack);
65
66	const stack_t sigstk = {
67	.ss_sp = altstack,
68	.ss_size = ALTSTACK_SIZE
69	};
70
71	ASSERT_EQ(0, sigaltstack(&sigstk, NULL));
72	}
73
74	static void
75	cleanup_stack(void)
76	{
77	free(altstack);
78	}
79
80	static void
81	assert_on_stack(void)
82	{
83	stack_t cursigstk;
84	ASSERT_EQ(0, sigaltstack(NULL, &cursigstk));
85	ASSERT_EQ(SS_ONSTACK, cursigstk.ss_flags & (SS_DISABLE\|SS_ONSTACK));
86	}
87
88	static void
89	call_on_stack(void (*fn)(int))
90	{
91	/*
92	* This is a bit more complicated than strictly necessary, but
93	* it ensures we don't have any flaky test failures due to
94	* inherited signal masks/actions/etc.
95	*
96	* On systems where SA_ONSTACK is not supported, this could
97	* alternatively be implemented using makecontext() or
98	* pthread_attr_setstack().
99	*/
100
101	const struct sigaction sigact = {
102	.sa_handler = fn,
103	.sa_flags = SA_ONSTACK,
104	};
105	struct sigaction oldsigact;
106	sigset_t sigset, oldsigset;
107
108	/* First, block all signals. */
109	ASSERT_EQ(0, sigemptyset(&sigset));
110	ASSERT_EQ(0, sigfillset(&sigset));
111	ASSERT_EQ(0, sigprocmask(SIG_BLOCK, &sigset, &oldsigset));
112
113	/* Next setup the signal handler for SIGUSR1. */
114	ASSERT_EQ(0, sigaction(SIGUSR1, &sigact, &oldsigact));
115
116	/* Raise SIGUSR1 and momentarily unblock it to run the handler. */
117	ASSERT_EQ(0, raise(SIGUSR1));
118	ASSERT_EQ(0, sigdelset(&sigset, SIGUSR1));
119	ASSERT_EQ(-1, sigsuspend(&sigset));
120	ASSERT_EQ(EINTR, errno);
121
122	/* Restore the original signal action, stack, and mask. */
123	ASSERT_EQ(0, sigaction(SIGUSR1, &oldsigact, NULL));
124	ASSERT_EQ(0, sigprocmask(SIG_SETMASK, &oldsigset, NULL));
125	}
126
127	static void
128	populate_secret(char *buf, size_t len)
129	{
130	int i, fds[2];
131	ASSERT_EQ(0, pipe(fds));
132
133	for (i = 0; i < SECRETCOUNT; i++)
134	ASSERT_EQ(sizeof(secret), write(fds[1], secret, sizeof(secret)));
135	ASSERT_EQ(0, close(fds[1]));
136
137	ASSERT_EQ(len, read(fds[0], buf, len));
138	ASSERT_EQ(0, close(fds[0]));
139	}
140
141	static int
142	count_secrets(const char *buf)
143	{
144	int res = 0;
145	size_t i;
146	for (i = 0; i < SECRETCOUNT; i++) {
147	if (memcmp(buf + i * sizeof(secret), secret,
148	sizeof(secret)) == 0)
149	res += 1;
150	}
151	return (res);
152	}
153
154	ATTRIBUTE_NO_SANITIZE_ADDRESS static char *
155	test_without_bzero(void)
156	{
157	char buf[SECRETBYTES];
158	assert_on_stack();
159	populate_secret(buf, sizeof(buf));
160	char *res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf));
161	ASSERT_NE(NULL, res);
162	return (res);
163	}
164
165	ATTRIBUTE_NO_SANITIZE_ADDRESS static char *
166	test_with_bzero(void)
167	{
168	char buf[SECRETBYTES];
169	assert_on_stack();
170	populate_secret(buf, sizeof(buf));
171	char *res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf));
172	ASSERT_NE(NULL, res);
173	explicit_bzero(buf, sizeof(buf));
174	return (res);
175	}
176
177	static void
178	do_test_without_bzero(int signo)
179	{
180	char *buf = test_without_bzero();
181	ASSERT_GE(count_secrets(buf), 1);
182	}
183
184	static void
185	do_test_with_bzero(int signo)
186	{
187	char *buf = test_with_bzero();
188	ASSERT_EQ(count_secrets(buf), 0);
189	}
190
191	int
192	main(void)
193	{
194	setup_stack();
195
196	/*
197	* Solaris and OS X clobber the signal stack after returning to the
198	* normal stack, so we need to inspect altstack while we're still
199	* running on it. Unfortunately, this means we risk clobbering the
200	* buffer ourselves.
201	*
202	* To minimize this risk, test_with{,out}_bzero() are responsible for
203	* locating the offset of their buf variable within altstack, and
204	* and returning that address. Then we can simply memcmp() repeatedly
205	* to count how many instances of secret we found.
206	*/
207
208	/*
209	* First, test that if we don't call explicit_bzero, that we
210	* are able to find at least one instance of the secret data still
211	* on the stack. This sanity checks that call_on_stack() and
212	* populate_secret() work as intended.
213	*/
214	memset(altstack, 0, ALTSTACK_SIZE);
215	call_on_stack(do_test_without_bzero);
216
217	/*
218	* Now test with a call to explicit_bzero() and check that we
219	* don't find any instances of the secret data.
220	*/
221	memset(altstack, 0, ALTSTACK_SIZE);
222	call_on_stack(do_test_with_bzero);
223
224	cleanup_stack();
225
226	return (0);
227	}