Commit 3783046f authored by Nick Mathewson

Use memset_s or explicit_bzero when available.

parent 8d6aafbb
o Minor enhancement (security):
- Use explicit_bzero when present
from <logan@hackers.mu>.
- Use memset_s when present
from <selven@hackers.mu>
625538405474972d627b26d7a250ea36 (:
......@@ -381,6 +381,7 @@ AC_CHECK_FUNCS(
backtrace_symbols_fd \
clock_gettime \
eventfd \
explicit_bzero \
timingsafe_memcmp \
flock \
ftime \
......@@ -399,6 +400,7 @@ AC_CHECK_FUNCS(
localtime_r \
lround \
memmem \
memset_s \
pipe \
pipe2 \
prctl \
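Review bot: memset_s in this AC_CHECK_FUNCS list is only probed for linkage, but it is a C11 Annex K function whose prototype in <string.h> is exposed only when __STDC_WANT_LIB_EXT1__ is defined to 1 before the include. Suggest defining that macro in the file that consumes HAVE_MEMSET_S, or adding an AC_CHECK_DECLS test alongside this one, so that a platform which exports the symbol but hides the declaration does not compile the call with an implicit prototype.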
......
......@@ -2970,7 +2970,15 @@ memwipe(void *mem, uint8_t byte, size_t sz)
* ...or maybe not. In practice, there are pure-asm implementations of
* OPENSSL_cleanse() on most platforms, which ought to do the job.
**/
#ifdef HAVE_EXPLICIT_BZERO
explicit_bzero(mem, sz);
#elif HAVE_MEMSET_S
memset_s( mem, sz, 0, sz );
#else
OPENSSL_cleanse(mem, sz);
#endif
/* Just in case some caller of memwipe() is relying on getting a buffer
* filled with a particular value, fill the buffer.
*
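Review bot: "#elif HAVE_MEMSET_S" should be "#elif defined(HAVE_MEMSET_S)" to match the "#ifdef HAVE_EXPLICIT_BZERO" above it; as written it depends on an undefined macro evaluating to 0 and will warn under -Wundef. The memset_s call also discards its return value: memset_s signals a runtime-constraint violation (for example sz larger than RSIZE_MAX) through a nonzero return, so either check it or fall back to OPENSSL_cleanse(mem, sz) when it fails. Minor style point: "memset_s( mem, sz, 0, sz );" pads the inside of the parentheses, which the neighbouring explicit_bzero and OPENSSL_cleanse calls do not.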
......