commit 3783046f3b519533fc721472f38ccf437d2d12a5 Author: Nick Mathewson nickm@torproject.org Date: Thu Jan 7 12:53:24 2016 -0800
Use memset_s or explicit_bzero when available. --- changes/7419 | 7 +++++++ configure.ac | 2 ++ src/common/crypto.c | 8 ++++++++ 3 files changed, 17 insertions(+)
diff --git a/changes/7419 b/changes/7419
new file mode 100644
index 0000000..b792e8f
--- /dev/null
+++ b/changes/7419
@@ -0,0 +1,7 @@
+ o Minor enhancement (security):
+ - Use explicit_bzero when present
+ from logan@hackers.mu.
+ - Use memset_s when present
+ from selven@hackers.mu
+
+ 625538405474972d627b26d7a250ea36 (:
diff --git a/configure.ac b/configure.ac
index 7dfab58..b62b4d3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -381,6 +381,7 @@ AC_CHECK_FUNCS(
 backtrace_symbols_fd \
 clock_gettime \
 eventfd \
+ explicit_bzero \
 timingsafe_memcmp \
 flock \
 ftime \
@@ -399,6 +400,7 @@ AC_CHECK_FUNCS(
 localtime_r \
 lround \
 memmem \
+ memset_s \
 pipe \
 pipe2 \
 prctl \
diff --git a/src/common/crypto.c b/src/common/crypto.c
index bcb06e0..e62cc0a 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2970,7 +2970,15 @@ memwipe(void *mem, uint8_t byte, size_t sz)
 * ...or maybe not. In practice, there are pure-asm implementations of
 * OPENSSL_cleanse() on most platforms, which ought to do the job.
 **/
+
+#ifdef HAVE_EXPLICIT_BZERO
+ explicit_bzero(mem, sz);
+#elif HAVE_MEMSET_S
+ memset_s( mem, sz, 0, sz );
+#else
 OPENSSL_cleanse(mem, sz);
+#endif
+
 /* Just in case some caller of memwipe() is relying on getting a buffer
 * filled with a particular value, fill the buffer.
 *
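Review bot: In the memwipe() hunk of src/common/crypto.c the second branch is written `#elif HAVE_MEMSET_S` while the first uses `#ifdef`; with the macro undefined it still evaluates to 0 but trips `-Wundef`, so `#elif defined(HAVE_MEMSET_S)` would be consistent. The return value of `memset_s` is dropped, and since this is the secret-wiping path a non-zero result should probably fall back rather than be ignored, e.g. `if (memset_s(mem, sz, 0, sz) != 0) OPENSSL_cleanse(mem, sz);`. The configure.ac hunks only add a link check through AC_CHECK_FUNCS, and on some platforms `memset_s` is declared by `<string.h>` only when `__STDC_WANT_LIB_EXT1__` is defined before the include; whether crypto.c does that is not visible here. The comment just above the new block still names OPENSSL_cleanse() as the wiping mechanism and could state that explicit_bzero or memset_s is preferred when configure detects it. memwipe() begins and ends outside the hunk.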