Using modern secure function to clear memory when available.

diff --git a/configure.ac b/configure.ac
index 89072f0508e7bf18a9aac96f51f11292fd66b6f7..194ea0d49e06b2cd5297c980924800f8f6971223 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -12,6 +12,7 @@ AC_ARG_WITH(tfm, AS_HELP_STRING([--with-tfm], [Use tfm (TomsFastMath) instead of
 AM_CONDITIONAL(WITH_OPENSSL, [test x"$with_openssl" != xno])
 AM_CONDITIONAL(WITH_TOMMATH, [test x"$with_tommath" != xno])
 AM_CONDITIONAL(WITH_TOMSFASTMATH, [test x"$with_tfm" != xno])
+AC_CHECK_FUNCS(explicit_bzero memset_s)
 
 AS_IF([test x"$with_tommath" != xno],
        [AC_SEARCH_LIBS(mp_init, tommath, ,

diff --git a/sha2.c b/sha2.c
index 1ca0f810810a88eb78bbfa45f00b5c13a9189088..4d31cec38cab843e09cabccfe4fd6ba13f8f7f72 100644 (file)
--- a/sha2.c
+++ b/sha2.c
@@ -189,6 +189,14 @@ typedef u_int64_t sha2_word64;     /* Exactly 8 bytes */
 #define MEMCPY_BCOPY(d,s,l)    bcopy((s), (d), (l))
 #endif
 
+#if HAVE_MEMSET_S
+#undef MEMSET_BZERO
+#define MEMSET_BZERO(p, l)      memset_s((p), (l), 0, (l))
+#elif HAVE_EXPLICIT_BZERO
+#undef MEMSET_BZERO
+#define MEMSET_BZERO(p, l)      explicit_bzero((p), (l))
+#endif
+
 
 /*** THE SIX LOGICAL FUNCTIONS ****************************************/
 /*