Better stack memseting of sensitive information.

Why is 'apr_crypto_memzero()' only available if APU_HAVE_CRYPTO=1? See PR 55738 git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1832415 13f79535-47bb-0310-9956-ffa450edef68
author: Christophe Jaillet <jailletc36@apache.org> 2018-05-28 19:45:56 +0000
committer: Christophe Jaillet <jailletc36@apache.org> 2018-05-28 19:45:56 +0000
commit: 8e030814013323e9ae3ef2087769ef6cf66fda6a (patch)
tree: 714ee5f5e0c149fe09c852a8680fe484e86702c3 /crypto
parent: 96192893c37c4204bc8720264495223da9875035 (diff)
download: apr-8e030814013323e9ae3ef2087769ef6cf66fda6a.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/apr_md4.c b/crypto/apr_md4.c
index d983cbae5..22a0926e7 100644
--- a/crypto/apr_md4.c
+++ b/crypto/apr_md4.c
@@ -41,6 +41,7 @@
 #include "apr_strings.h"
 #include "apr_md4.h"
 #include "apr_lib.h"
+#include "apr_crypto.h"     /* for apr_crypto_memzero, if available */
 
 #if APR_HAVE_STRING_H
 #include <string.h>
@@ -359,7 +360,11 @@ static void MD4Transform(apr_uint32_t state[4], const unsigned char block[64])
     state[3] += d;
     
     /* Zeroize sensitive information. */
+#if APU_HAVE_CRYPTO
+    apr_crypto_memzero(x, sizeof(x));
+#else
     memset(x, 0, sizeof(x));
+#endif
 }
 
 /* Encodes input (apr_uint32_t) into output (unsigned char). Assumes len is
author	Christophe Jaillet <jailletc36@apache.org>	2018-05-28 19:45:56 +0000
committer	Christophe Jaillet <jailletc36@apache.org>	2018-05-28 19:45:56 +0000
commit	8e030814013323e9ae3ef2087769ef6cf66fda6a (patch)
tree	714ee5f5e0c149fe09c852a8680fe484e86702c3 /crypto
parent	96192893c37c4204bc8720264495223da9875035 (diff)
download	apr-8e030814013323e9ae3ef2087769ef6cf66fda6a.tar.gz