Use memset_s or explicit_bzero when available.
authorNick Mathewson <nickm@torproject.org>
Thu, 7 Jan 2016 20:53:24 +0000 (12:53 -0800)
committerNick Mathewson <nickm@torproject.org>
Thu, 7 Jan 2016 20:53:24 +0000 (12:53 -0800)
changes/7419 [new file with mode: 0644]
configure.ac
src/common/crypto.c

diff --git a/changes/7419 b/changes/7419
new file mode 100644 (file)
index 0000000..b792e8f
--- /dev/null
@@ -0,0 +1,7 @@
+  o Minor enhancement (security):
+    - Use explicit_bzero when present
+      from <logan@hackers.mu>.
+    - Use memset_s when present
+      from <selven@hackers.mu>
+
+    625538405474972d627b26d7a250ea36 (:
index 7dfab58cf4c7c628d30a7b38b95263eebe93f3e3..b62b4d36afc215271b8df7d551a17b2f896b8862 100644 (file)
@@ -381,6 +381,7 @@ AC_CHECK_FUNCS(
         backtrace_symbols_fd \
         clock_gettime \
        eventfd \
+       explicit_bzero \
        timingsafe_memcmp \
         flock \
         ftime \
@@ -399,6 +400,7 @@ AC_CHECK_FUNCS(
         localtime_r \
         lround \
         memmem \
+        memset_s \
        pipe \
        pipe2 \
         prctl \
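Review bot: The `memset_s` entry added to this `AC_CHECK_FUNCS` list only proves that the symbol links, not that a prototype is visible to the compiler. C11 Annex K exposes the declaration when `__STDC_WANT_LIB_EXT1__` is defined to 1 before `<string.h>` is included, and none of the hunks shown here set it, so on such platforms the new call in src/common/crypto.c may compile against an implicit declaration. Consider putting `#define __STDC_WANT_LIB_EXT1__ 1` ahead of the includes in crypto.c and testing the declaration with `AC_CHECK_DECLS` under the same define. The `AC_CHECK_FUNCS(` list starts and ends outside this hunk.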
index bcb06e09df37ee0ed6a450f29a8b5c53e78c7d3c..e62cc0a5113f9c7707f4b8de6ea6a62b05dc4a8c 100644 (file)
@@ -2970,7 +2970,15 @@ memwipe(void *mem, uint8_t byte, size_t sz)
    * ...or maybe not.  In practice, there are pure-asm implementations of
    * OPENSSL_cleanse() on most platforms, which ought to do the job.
    **/
+
+#ifdef HAVE_EXPLICIT_BZERO
+  explicit_bzero(mem, sz);
+#elif HAVE_MEMSET_S
+  memset_s( mem, sz, 0, sz );
+#else
   OPENSSL_cleanse(mem, sz);
+#endif
+
   /* Just in case some caller of memwipe() is relying on getting a buffer
    * filled with a particular value, fill the buffer.
    *
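Review bot: The `#elif HAVE_MEMSET_S` branch tests the macro's value while the branch above it uses `#ifdef`; autoconf leaves the macro undefined when the function is missing, so `#elif defined(HAVE_MEMSET_S)` is the consistent form and stays quiet under `-Wundef`. The return value of `memset_s` is also discarded, so a runtime-constraint failure (a NULL `mem`, or an `sz` above `RSIZE_MAX`) would leave the wipe to the plain fill described in the comment that follows, which a compiler may be free to elide. Whether an earlier check in memwipe() rules those inputs out is not visible here, since the function starts and ends outside this hunk. A one-line comment above the `#ifdef`, for example `/* Prefer libc wipes the compiler may not elide; fall back to OPENSSL_cleanse(). */`, would record why the order is explicit_bzero, then memset_s, then OpenSSL.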