On win32, use SecureZeroMemory() to securely wipe buffers.

{Also tweak the comments. -nickm)

diff --git a/changes/feature17986 b/changes/feature17986
new file mode 100644 (file)
index 0000000..ef82bd3
--- /dev/null
+++ b/changes/feature17986
@@ -0,0 +1,3 @@
+  o Minor features:
+    - Use SecureMemoryWipe() function to securely clean memory on
+      Windows. Implements feature 17986.

diff --git a/src/common/crypto.c b/src/common/crypto.c
index e62cc0a5113f9c7707f4b8de6ea6a62b05dc4a8c..134e69aa20eeeb9a5b6a4206ea2185d729237a43 100644 (file)
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2960,6 +2960,16 @@ memwipe(void *mem, uint8_t byte, size_t sz)
    * have this function call "memset".  A smart compiler could inline it, then
    * eliminate dead memsets, and declare itself to be clever. */
 
+#ifdef _WIN32
+  /* Here's what you do on windows. */
+  SecureZeroMemory(mem,sz);
+#elif defined(HAVE_EXPLICIT_BZERO)
+  /* The BSDs provide this. */
+  explicit_bzero(mem, sz);
+#elif defined(HAVE_MEMSET_S)
+  /* This is in the C99 standard. */
+  memset_s(mem, sz, 0, sz);
+#else
   /* This is a slow and ugly function from OpenSSL that fills 'mem' with junk
    * based on the pointer value, then uses that junk to update a global
    * variable.  It's an elaborate ruse to trick the compiler into not
@@ -2971,11 +2981,6 @@ memwipe(void *mem, uint8_t byte, size_t sz)
    * OPENSSL_cleanse() on most platforms, which ought to do the job.
    **/
 
-#ifdef HAVE_EXPLICIT_BZERO
-  explicit_bzero(mem, sz);
-#elif HAVE_MEMSET_S
-  memset_s( mem, sz, 0, sz );
-#else
   OPENSSL_cleanse(mem, sz);
 #endif