authorNick Mathewson <nickm@torproject.org>2016-01-07 12:53:24 -0800
committerNick Mathewson <nickm@torproject.org>2016-01-07 12:53:24 -0800
commit3783046f3b519533fc721472f38ccf437d2d12a5 (patch)
treec45773b7f07a6f2eda1a07934557a2153dc4aaf8
parent8d6aafbb4a7f4f9748b88f5ce16675900559149e (diff)
Use memset_s or explicit_bzero when available.
-rw-r--r--changes/74197
-rw-r--r--configure.ac2
-rw-r--r--src/common/crypto.c8
3 files changed, 17 insertions, 0 deletions
diff --git a/changes/7419 b/changes/7419
new file mode 100644
index 0000000000..b792e8f6a0
--- /dev/null
+++ b/changes/7419
@@ -0,0 +1,7 @@
+ o Minor enhancement (security):
+ - Use explicit_bzero when present
+ from <logan@hackers.mu>.
+ - Use memset_s when present
+ from <selven@hackers.mu>
+
+ 625538405474972d627b26d7a250ea36 (:
diff --git a/configure.ac b/configure.ac
index 7dfab58cf4..b62b4d36af 100644
--- a/configure.ac
+++ b/configure.ac
@@ -381,6 +381,7 @@ AC_CHECK_FUNCS(
backtrace_symbols_fd \
clock_gettime \
eventfd \
+ explicit_bzero \
timingsafe_memcmp \
flock \
ftime \
@@ -399,6 +400,7 @@ AC_CHECK_FUNCS(
localtime_r \
lround \
memmem \
+ memset_s \
pipe \
pipe2 \
prctl \
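Review bot: The `memset_s \` entry added to AC_CHECK_FUNCS only establishes that the symbol links, not that a prototype is visible to the code that calls it. memset_s is an Annex K function, and conforming libcs declare it only when `__STDC_WANT_LIB_EXT1__` is defined to 1 before `<string.h>` is included. HAVE_MEMSET_S could therefore be set while the new call in src/common/crypto.c compiles against an implicit declaration, although whether crypto.c defines that macro is not visible in this diff. Consider adding an AC_CHECK_DECLS test for memset_s whose includes put `#define __STDC_WANT_LIB_EXT1__ 1` ahead of `<string.h>`, and keying the crypto.c branch on that result. The AC_CHECK_FUNCS list begins and ends outside both hunks.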
diff --git a/src/common/crypto.c b/src/common/crypto.c
index bcb06e09df..e62cc0a511 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2970,7 +2970,15 @@ memwipe(void *mem, uint8_t byte, size_t sz)
* ...or maybe not. In practice, there are pure-asm implementations of
* OPENSSL_cleanse() on most platforms, which ought to do the job.
**/
+
+#ifdef HAVE_EXPLICIT_BZERO
+ explicit_bzero(mem, sz);
+#elif HAVE_MEMSET_S
+ memset_s( mem, sz, 0, sz );
+#else
OPENSSL_cleanse(mem, sz);
+#endif
+
/* Just in case some caller of memwipe() is relying on getting a buffer
* filled with a particular value, fill the buffer.
*
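Review bot: The result of `memset_s( mem, sz, 0, sz );` is discarded, so a runtime-constraint failure (for example `sz` above RSIZE_MAX) would leave the buffer unwiped with no guaranteed scrub behind it. The fill that follows this hunk is presumably a plain memset the compiler may elide, but that code is outside the visible lines. I would fall back explicitly: `if (memset_s(mem, sz, 0, sz) != 0) OPENSSL_cleanse(mem, sz);`. The guard `#elif HAVE_MEMSET_S` also tests the macro's value rather than its presence, unlike the `#ifdef HAVE_EXPLICIT_BZERO` above it, and would be more consistent and `-Wundef`-clean as `#elif defined(HAVE_MEMSET_S)`. The comment ending just above the new block still names only OPENSSL_cleanse() and should mention the new platform primitives; memwipe's body starts before and continues after this hunk.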