Ticket #7419: memset_s_explicit_bzero.diff

File memset_s_explicit_bzero.diff, 1.4 KB (added by selven@…, 4 years ago)

New diff, with a changes file pointing to this ticket added.

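diff --git a/changes/7419 b/changes/7419
new file mode 100644
index 0000000..b792e8f
--- /dev/null
+++ b/changes/7419
@@ -0,0 +1,7 @@
+  o Minor enhancement (security):
+    - Use explicit_bzero when present
+      from <logan@hackers.mu>.
+    - Use memset_s when present
+      from <selven@hackers.mu>
+
+    625538405474972d627b26d7a250ea36 (: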
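diff --git a/configure.ac b/configure.ac
index a47cee6..64a6860 100644
--- a/configure.ac
+++ b/configure.ac
@@ -381,6 +381,7 @@ AC_CHECK_FUNCS(
         backtrace_symbols_fd \
         clock_gettime \
         eventfd \
+        explicit_bzero \
         timingsafe_memcmp \
         flock \
         ftime \
@@ -398,6 +399,7 @@ AC_CHECK_FUNCS(
         localtime_r \
         lround \
         memmem \
+        memset_s \
         pipe \
         pipe2 \
         prctl \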
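Review bot: The new `memset_s` entry in the second AC_CHECK_FUNCS hunk only proves that the symbol links, not that a prototype is visible at the call site. C11 Annex K functions are declared by <string.h> only when `__STDC_WANT_LIB_EXT1__` is defined before the include, so on some libcs HAVE_MEMSET_S could be set while crypto.c compiles the call without a declaration. Pairing this with a declaration check whose prologue defines that macro, and gating the call on both results, would close that gap. The AC_CHECK_FUNCS list itself continues outside both hunks.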
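diff --git a/src/common/crypto.c b/src/common/crypto.c
index bcb06e0..e62cc0a 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2970,7 +2970,15 @@ memwipe(void *mem, uint8_t byte, size_t sz)
    * ...or maybe not.  In practice, there are pure-asm implementations of
    * OPENSSL_cleanse() on most platforms, which ought to do the job.
    **/
+
+#ifdef HAVE_EXPLICIT_BZERO
+  explicit_bzero(mem, sz);
+#elif HAVE_MEMSET_S
+  memset_s( mem, sz, 0, sz );
+#else
   OPENSSL_cleanse(mem, sz);
+#endif
+
   /* Just in case some caller of memwipe() is relying on getting a buffer
    * filled with a particular value, fill the buffer.
    *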
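Review bot: The `memset_s( mem, sz, 0, sz );` call discards its return value, and when sz exceeds RSIZE_MAX the function reports a runtime-constraint violation without storing anything, so on that path nothing guarantees the wipe. Falling back keeps the old guarantee: `if (memset_s(mem, sz, 0, sz) != 0) OPENSSL_cleanse(mem, sz);`. The branch test should also read `#elif defined(HAVE_MEMSET_S)` to match the `#ifdef` above it and stay quiet under -Wundef. The comment block ending just above the new code still describes only OPENSSL_cleanse() and should say that explicit_bzero or memset_s is used instead when configure finds one; memwipe() starts and ends outside this hunk.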