Try a little harder to only use SecureZeroMemory when it's present

We could be using AC_CHECK_FUNC_DECL too, but it shouldn't be needed.
This commit is contained in:
Nick Mathewson 2016-01-11 09:02:42 -05:00
parent d10ea49588
commit 1d6dd288e1
3 changed files with 13 additions and 3 deletions

View File

@ -376,6 +376,8 @@ AM_CONDITIONAL(THREADS_PTHREADS, test "$bwin32" = "false")
AC_CHECK_FUNCS( AC_CHECK_FUNCS(
_NSGetEnviron \ _NSGetEnviron \
RtlSecureZeroMemory \
SecureZeroMemory \
accept4 \ accept4 \
backtrace \ backtrace \
backtrace_symbols_fd \ backtrace_symbols_fd \

View File

@ -19,8 +19,14 @@
#error "We require OpenSSL >= 1.0.0" #error "We require OpenSSL >= 1.0.0"
#endif #endif
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0) || \ #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && \
defined(LIBRESSL_VERSION_NUMBER) ! defined(LIBRESSL_VERSION_NUMBER)
/* We define this macro if we're trying to build with the majorly refactored
* API in OpenSSL 1.1 */
#define OPENSSL_1_1_API
#endif
#ifndef OPENSSL_1_1_API
#define OPENSSL_VERSION SSLEAY_VERSION #define OPENSSL_VERSION SSLEAY_VERSION
#define OpenSSL_version(v) SSLeay_version(v) #define OpenSSL_version(v) SSLeay_version(v)
#define OpenSSL_version_num() SSLeay() #define OpenSSL_version_num() SSLeay()

View File

@ -2960,9 +2960,11 @@ memwipe(void *mem, uint8_t byte, size_t sz)
* have this function call "memset". A smart compiler could inline it, then * have this function call "memset". A smart compiler could inline it, then
* eliminate dead memsets, and declare itself to be clever. */ * eliminate dead memsets, and declare itself to be clever. */
#ifdef _WIN32 #if defined(SecureZeroMemory) || defined(HAVE_SECUREZEROMEMORY)
/* Here's what you do on windows. */ /* Here's what you do on windows. */
SecureZeroMemory(mem,sz); SecureZeroMemory(mem,sz);
#elif defined(HAVE_RTLSECUREZEROMEMORY)
RtlSecureZeroMemory(mem,sz);
#elif defined(HAVE_EXPLICIT_BZERO) #elif defined(HAVE_EXPLICIT_BZERO)
/* The BSDs provide this. */ /* The BSDs provide this. */
explicit_bzero(mem, sz); explicit_bzero(mem, sz);