commit fb373a9ef6f07229b20cf1176522c625cd5c0a4d Author: rl1987 rl1987@sdf.lonestar.org Date: Sun Jan 3 17:08:21 2016 +0100
On win32, use SecureZeroMemory() to securely wipe buffers.
(Also tweak the comments. -nickm) --- changes/feature17986 | 3 +++ src/common/crypto.c | 15 ++++++++++----- 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/changes/feature17986 b/changes/feature17986
new file mode 100644
index 0000000..ef82bd3
--- /dev/null
+++ b/changes/feature17986
@@ -0,0 +1,3 @@
+  o Minor features:
+    - Use SecureMemoryWipe() function to securely clean memory on
+      Windows. Implements feature 17986.
diff --git a/src/common/crypto.c b/src/common/crypto.c
index e62cc0a..134e69a 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2960,6 +2960,16 @@ memwipe(void *mem, uint8_t byte, size_t sz)
   * have this function call "memset". A smart compiler could inline it, then
   * eliminate dead memsets, and declare itself to be clever. */
+#ifdef _WIN32
+  /* Here's what you do on windows. */
+  SecureZeroMemory(mem,sz);
+#elif defined(HAVE_EXPLICIT_BZERO)
+  /* The BSDs provide this. */
+  explicit_bzero(mem, sz);
+#elif defined(HAVE_MEMSET_S)
+  /* This is in the C99 standard. */
+  memset_s(mem, sz, 0, sz);
+#else
   /* This is a slow and ugly function from OpenSSL that fills 'mem' with junk
    * based on the pointer value, then uses that junk to update a global
    * variable. It's an elaborate ruse to trick the compiler into not
@@ -2971,11 +2981,6 @@ memwipe(void *mem, uint8_t byte, size_t sz)
    * OPENSSL_cleanse() on most platforms, which ought to do the job.
    **/
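Review bot: The comment on the new memset_s branch is inaccurate: memset_s is not part of C99, it is the optional Annex K bounds-checking interface introduced in C11, so `/* This is C11 Annex K (optional). */` would state it correctly. The new changes entry names SecureMemoryWipe() while the code calls SecureZeroMemory(), so one of the two should be corrected to keep the release notes consistent with the call. The Windows call is also spaced differently from its siblings; `SecureZeroMemory(mem, sz);` would match the explicit_bzero and memset_s lines. SecureZeroMemory is a Windows header macro, so this presumably relies on windows.h already being included in this file under _WIN32, which is worth confirming. memwipe's body begins before this hunk and the #endif closing the new chain sits in the following hunk.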
-#ifdef HAVE_EXPLICIT_BZERO
-  explicit_bzero(mem, sz);
-#elif HAVE_MEMSET_S
-  memset_s( mem, sz, 0, sz );
-#else
   OPENSSL_cleanse(mem, sz);
 #endif