From 8e030814013323e9ae3ef2087769ef6cf66fda6a Mon Sep 17 00:00:00 2001
From: Christophe Jaillet <jailletc36@apache.org>
Date: Mon, 28 May 2018 19:45:56 +0000
Subject: Better stack memseting of sensitive information.

Why is 'apr_crypto_memzero()' only available if APU_HAVE_CRYPTO=1?

See PR 55738

git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1832415 13f79535-47bb-0310-9956-ffa450edef68
---
 crypto/apr_md4.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'crypto')

diff --git a/crypto/apr_md4.c b/crypto/apr_md4.c
index d983cbae5..22a0926e7 100644
--- a/crypto/apr_md4.c
+++ b/crypto/apr_md4.c
@@ -41,6 +41,7 @@
 #include "apr_strings.h"
 #include "apr_md4.h"
 #include "apr_lib.h"
+#include "apr_crypto.h"     /* for apr_crypto_memzero, if available */
 
 #if APR_HAVE_STRING_H
 #include <string.h>
@@ -359,7 +360,11 @@ static void MD4Transform(apr_uint32_t state[4], const unsigned char block[64])
     state[3] += d;
     
     /* Zeroize sensitive information. */
+#if APU_HAVE_CRYPTO
+    apr_crypto_memzero(x, sizeof(x));
+#else
     memset(x, 0, sizeof(x));
+#endif
 }
 
 /* Encodes input (apr_uint32_t) into output (unsigned char). Assumes len is
-- 
cgit v1.2.1