From 3783046f3b519533fc721472f38ccf437d2d12a5 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Thu, 7 Jan 2016 12:53:24 -0800
Subject: [PATCH] Use memset_s or explicit_bzero when available.
---
 changes/7419 | 7 +++++++
 configure.ac | 2 ++
 src/common/crypto.c | 8 ++++++++
 3 files changed, 17 insertions(+)
 create mode 100644 changes/7419
diff --git a/changes/7419 b/changes/7419
new file mode 100644
index 0000000000..b792e8f6a0
--- /dev/null
+++ b/changes/7419
@@ -0,0 +1,7 @@
+ o Minor enhancement (security):
+ - Use explicit_bzero when present
+ from .
+ - Use memset_s when present
+ from
+
+ 625538405474972d627b26d7a250ea36 (:
diff --git a/configure.ac b/configure.ac
index 7dfab58cf4..b62b4d36af 100644
--- a/configure.ac
+++ b/configure.ac
@@ -381,6 +381,7 @@ AC_CHECK_FUNCS(
 backtrace_symbols_fd \
 clock_gettime \
 eventfd \
+ explicit_bzero \
 timingsafe_memcmp \
 flock \
 ftime \
@@ -399,6 +400,7 @@ AC_CHECK_FUNCS(
 localtime_r \
 lround \
 memmem \
+ memset_s \
 pipe \
 pipe2 \
 prctl \
diff --git a/src/common/crypto.c b/src/common/crypto.c
index bcb06e09df..e62cc0a511 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2970,7 +2970,15 @@ memwipe(void *mem, uint8_t byte, size_t sz)
 * ...or maybe not. In practice, there are pure-asm implementations of
 * OPENSSL_cleanse() on most platforms, which ought to do the job.
 **/
+
+#ifdef HAVE_EXPLICIT_BZERO
+ explicit_bzero(mem, sz);
+#elif HAVE_MEMSET_S
+ memset_s( mem, sz, 0, sz );
+#else
 OPENSSL_cleanse(mem, sz);
+#endif
+
 /* Just in case some caller of memwipe() is relying on getting a buffer
 * filled with a particular value, fill the buffer.
 *
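Review bot: The `memset_s` entry in the second AC_CHECK_FUNCS hunk only proves the symbol links; it does not prove a prototype is visible at the call site. C11 Annex K declares memset_s in `<string.h>` only when `__STDC_WANT_LIB_EXT1__` is defined to 1 before the header is included, so on a libc that follows that rule HAVE_MEMSET_S will be set while the call in crypto.c is compiled without a declaration (an implicit-declaration warning at best, a hard error on stricter compilers). Either define `__STDC_WANT_LIB_EXT1__` to 1 from configure (so it lands in the generated config header ahead of any system include) or gate the define on an `AC_CHECK_DECL([memset_s], [], [], [[#define __STDC_WANT_LIB_EXT1__ 1
#include <string.h>]])` so it is only set when the prototype is usable. explicit_bzero has no such gate, so the first hunk needs nothing beyond the link check.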
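Review bot: `#elif HAVE_MEMSET_S` tests the macro's value while the branch above tests presence with `#ifdef`; when configure leaves HAVE_MEMSET_S undefined the line silently becomes `#elif 0`, and builds with `-Wundef` will warn about it, so it should read `#elif defined(HAVE_MEMSET_S)`. The return value of `memset_s` is also discarded: C11 Annex K defines it as returning errno_t, and on a runtime-constraint violation (sz larger than RSIZE_MAX) the implementation may leave the region unwiped, which is the one failure memwipe exists to rule out; consider `if (memset_s(mem, sz, 0, sz) != 0) OPENSSL_cleanse(mem, sz);` so the OpenSSL path still runs, or assert on the result. The spacing in `memset_s( mem, sz, 0, sz );` also differs from the neighbouring `explicit_bzero(mem, sz);` and `OPENSSL_cleanse(mem, sz);` and should match them. memwipe's body continues past the end of the hunk, so the trailing fill of `byte` that the comment announces is not visible here.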