PKG_CHECK_MODULES([GNUTLS], [gnutls >= 3.1.11], [
[HAVE_GNUTLS=1]
AC_DEFINE([HAVE_GNUTLS], [1], [Define to 1 if you have GnuTLS])
+ save_CFLAGS=$CFLAGS
+ save_LIBS=$LIBS
+ CFLAGS="$GNUTLS_CFLAGS $CFLAGS"
+ LIBS="$GNUTLS_LIBS $LIBS"
+ AC_CHECK_FUNCS([gnutls_memset])
+ CFLAGS=$save_CFLAGS
+ LIBS=$save_LIBS
+
], [ : ])
])
])
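Review bot: The new `AC_CHECK_FUNCS([gnutls_memset])` probe has no comment explaining why a function from the library that was just detected needs its own check. Something like `dnl gnutls_memset() is not present in every GnuTLS release accepted by the version check above; the code falls back to its own wipe routine` would tie the probe to the `HAVE_GNUTLS_MEMSET` guard in the C++ source. The enclosing macro block opens before the first visible line, so the surrounding nesting could not be checked here.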
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
+#ifndef HAVE_LIBSODIUM
+void safe_memset(void* data, int c, size_t size)
+{
+#ifdef HAVE_GNUTLS_MEMSET
+ gnutls_memset(data, c, size);
+#else
+ /* shamelessly taken from Dovecot's src/lib/safe-memset.c */
+ volatile unsigned int volatile_zero_idx = 0;
+ volatile unsigned char *p = reinterpret_cast<volatile unsigned char *>(data);
+
+ if (size == 0)
+ return;
+
+ do {
+ memset(data, c, size);
+ } while (p[volatile_zero_idx] != c);
+#endif /* HAVE_GNUTLS_MEMSET */
+}
+#endif /* HAVE_LIBSODIUM */
+
class GnuTLSTicketsKey
{
public:
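Review bot: The fallback loop `while (p[volatile_zero_idx] != c)` compares an `unsigned char` read against the `int` argument, so for any `c` outside 0–255 (for example -1) the values never compare equal after memset() has truncated the fill byte, and the loop would not terminate. Both callers visible on this page pass 0, so this is latent, but the guard is a one-line change: `} while (p[volatile_zero_idx] != static_cast<unsigned char>(c));`. The helper also has external linkage; if it is only used in this translation unit, marking it `static` or placing it in an anonymous namespace avoids a link-time clash with another `safe_memset`. A one-line comment saying that the volatile read-back is presumably there to stop the compiler from discarding the wipe as a dead store would document the intent better than the attribution alone.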
catch (const std::exception& e) {
#ifdef HAVE_LIBSODIUM
sodium_munlock(d_key.data, d_key.size);
+#else
+ safe_memset(d_key.data, 0, d_key.size);
#endif /* HAVE_LIBSODIUM */
gnutls_free(d_key.data);
throw;
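Review bot: The wipe-before-free sequence in this catch block is now the same `#ifdef HAVE_LIBSODIUM` / `#else` pair as in the following hunk (the one replacing `gnutls_memset`), and the original mismatch between the two is what this commit has to repair. A small private member, for example `void wipeKey()` holding the `sodium_munlock` / `safe_memset` branches, called from both places, would keep them from drifting apart again. As far as these lines show, the non-libsodium branch only clears the buffer and nothing locks the key pages, so a comment noting that the key may still reach swap in that build would set expectations correctly. The enclosing function begins outside this hunk.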
#ifdef HAVE_LIBSODIUM
sodium_munlock(d_key.data, d_key.size);
#else
- gnutls_memset(d_key.data, 0, d_key.size);
+ safe_memset(d_key.data, 0, d_key.size);
#endif /* HAVE_LIBSODIUM */
}
gnutls_free(d_key.data);