Try a little harder to only use SecureZeroMemory when it's present

We could be using AC_CHECK_FUNC_DECL too, but it shouldn't be needed.

2 files changed, 11 insertions, 3 deletions

diff --git a/src/common/compat_openssl.h b/src/common/compat_openssl.h
index 5825ff7a4d..9c98181bdd 100644
--- a/src/common/compat_openssl.h
+++ b/src/common/compat_openssl.h
@@ -19,8 +19,14 @@
 #error "We require OpenSSL >= 1.0.0"
 #endif
 
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0) || \
-   defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && \
+   ! defined(LIBRESSL_VERSION_NUMBER)
+/* We define this macro if we're trying to build with the majorly refactored
+ * API in OpenSSL 1.1 */
+#define OPENSSL_1_1_API
+#endif
+
+#ifndef OPENSSL_1_1_API
 #define OPENSSL_VERSION SSLEAY_VERSION
 #define OpenSSL_version(v) SSLeay_version(v)
 #define OpenSSL_version_num() SSLeay()
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 2f498ac6be..9cc5ee01fa 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2960,9 +2960,11 @@ memwipe(void *mem, uint8_t byte, size_t sz)
    * have this function call "memset".  A smart compiler could inline it, then
    * eliminate dead memsets, and declare itself to be clever. */
 
-#ifdef _WIN32
+#if defined(SecureZeroMemory) || defined(HAVE_SECUREZEROMEMORY)
   /* Here's what you do on windows. */
   SecureZeroMemory(mem,sz);
+#elif defined(HAVE_RTLSECUREZEROMEMORY)
+  RtlSecureZeroMemory(mem,sz);
 #elif defined(HAVE_EXPLICIT_BZERO)
   /* The BSDs provide this. */
   explicit_bzero(mem, sz);