Use memset_s or explicit_bzero when available.

2016-01-07 12:53:24 -08:00 · 2016-01-07 12:53:24 -08:00 · 3783046f3b
parent 8d6aafbb4a
commit 3783046f3b
3 changed files with 17 additions and 0 deletions
--- a/changes/7419
+++ b/changes/7419
@ -0,0 +1,7 @@
+  o Minor enhancement (security):
+    - Use explicit_bzero when present
+      from <logan@hackers.mu>.
+    - Use memset_s when present
+      from <selven@hackers.mu>
+
+    625538405474972d627b26d7a250ea36 (:
--- a/configure.ac
+++ b/configure.ac
@ -381,6 +381,7 @@ AC_CHECK_FUNCS(
        backtrace_symbols_fd \
        clock_gettime \
 	eventfd \
+	explicit_bzero \
 	timingsafe_memcmp \
        flock \
        ftime \
@ -399,6 +400,7 @@ AC_CHECK_FUNCS(
        localtime_r \
        lround \
        memmem \
+        memset_s \
 	pipe \
 	pipe2 \
        prctl \
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@ -2970,7 +2970,15 @@ memwipe(void *mem, uint8_t byte, size_t sz)
   * ...or maybe not.  In practice, there are pure-asm implementations of
   * OPENSSL_cleanse() on most platforms, which ought to do the job.
   **/
+
+#ifdef HAVE_EXPLICIT_BZERO
+  explicit_bzero(mem, sz);
+#elif HAVE_MEMSET_S
+  memset_s( mem, sz, 0, sz );
+#else
  OPENSSL_cleanse(mem, sz);
+#endif
+
  /* Just in case some caller of memwipe() is relying on getting a buffer
   * filled with a particular value, fill the buffer.
   *