diff options
Diffstat (limited to 'crypto/apr_crypto_prng.c')
-rw-r--r-- | crypto/apr_crypto_prng.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/crypto/apr_crypto_prng.c b/crypto/apr_crypto_prng.c index 842987f95..cd4a2044d 100644 --- a/crypto/apr_crypto_prng.c +++ b/crypto/apr_crypto_prng.c @@ -43,12 +43,13 @@ #include "apr_crypto.h" #include "apr_crypto_internal.h" +#include "apr_strings.h" + #if APU_HAVE_CRYPTO #if APU_HAVE_CRYPTO_PRNG #include "apr_ring.h" #include "apr_pools.h" -#include "apr_strings.h" #include "apr_thread_mutex.h" #include "apr_thread_proc.h" @@ -263,7 +264,7 @@ static apr_status_t cprng_cleanup(void *arg) } if (cprng->key) { - apr_crypto_memzero(cprng->key, CPRNG_KEY_SIZE + cprng->len); + apr_memzero_explicit(cprng->key, CPRNG_KEY_SIZE + cprng->len); } if (!cprng->pool) { @@ -435,7 +436,7 @@ static apr_status_t cprng_stream_bytes(apr_crypto_prng_t *cprng, rv = cprng->crypto->provider->cprng_stream_ctx_bytes(&cprng->ctx, cprng->key, to, len, cprng->buf); if (rv != APR_SUCCESS && len) { - apr_crypto_memzero(to, len); + apr_memzero_explicit(to, len); } return rv; } @@ -456,7 +457,7 @@ APR_DECLARE(apr_status_t) apr_crypto_prng_reseed(apr_crypto_prng_t *cprng, cprng_lock(cprng); cprng->pos = cprng->len; - apr_crypto_memzero(cprng->buf, cprng->len); + apr_memzero_explicit(cprng->buf, cprng->len); if (seed) { apr_size_t n = 0; do { @@ -528,7 +529,7 @@ static apr_status_t cprng_bytes(apr_crypto_prng_t *cprng, * both forward secrecy and cleared next mixed data. */ memcpy(ptr, cprng->buf + cprng->pos, n); - apr_crypto_memzero(cprng->buf + cprng->pos, n); + apr_memzero_explicit(cprng->buf + cprng->pos, n); cprng->pos += n; ptr += n; @@ -576,7 +577,7 @@ APR_DECLARE(apr_status_t) apr_crypto_prng_rekey(apr_crypto_prng_t *cprng) /* Clear state and renew the key. */ cprng->pos = cprng->len; - apr_crypto_memzero(cprng->buf, cprng->len); + apr_memzero_explicit(cprng->buf, cprng->len); rv = cprng_stream_bytes(cprng, NULL, 0); cprng_unlock(cprng); @@ -627,7 +628,7 @@ APR_DECLARE(apr_status_t) apr_crypto_prng_after_fork(apr_crypto_prng_t *cprng, * and that nothing is left over from the initial state in both processes. */ cprng->pos = cprng->len; - apr_crypto_memzero(cprng->buf, cprng->len); + apr_memzero_explicit(cprng->buf, cprng->len); if (!is_child) { rv = cprng_stream_bytes(cprng, cprng->key, CPRNG_KEY_SIZE); } |