From 4000041d0ea6f7fccea67d2ac3d8205270b1cf1a Mon Sep 17 00:00:00 2001 From: Yann Ylavic Date: Tue, 28 Jun 2022 16:09:12 +0000 Subject: apr_strings: Provide apr_memzero_explicit() in APR. This function is handy outside apu_crypto usage, don't require users to link to APU for the feature. This commit moves the apr_crypto_memzero() implementation to apr_strings under the apr_memzero_explicit() name, and replaces the calls to the former with the latter, and apr_crypto_memzero() now calls apr_memzero_explicit() directly. * include/apr_strings.h(): Declare apr_memzero_explicit(). * strings/apr_strings.c(): Implement apr_memzero_explicit() by moving/renaming the code from apu_crypto. * crypto/apr_crypto.c(apr_crypto_memzero): Fall back to apr_memzero_explicit(). * crypto/apr_crypto.c(crypto_clear): Use apr_memzero_explicit() instead of apr_crypto_memzero(). * crypto/apr_crypto_prng.c(cprng_cleanup, cprng_stream_bytes, apr_crypto_prng_reseed, cprng_bytes, apr_crypto_prng_rekey, apr_crypto_prng_after_fork): Use apr_memzero_explicit() instead of apr_crypto_memzero(). * crypto/apr_md4.c(MD4Transform): Use apr_memzero_explicit() instead of apr_crypto_memzero(). git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1902323 13f79535-47bb-0310-9956-ffa450edef68 --- strings/apr_strings.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'strings') diff --git a/strings/apr_strings.c b/strings/apr_strings.c index beca6d480..2519f95b9 100644 --- a/strings/apr_strings.c +++ b/strings/apr_strings.c @@ -212,6 +212,38 @@ APR_DECLARE(char *) apr_pstrcatv(apr_pool_t *a, const struct iovec *vec, return res; } +#if defined(HAVE_WEAK_SYMBOLS) +void apr__memzero_explicit(void *buffer, apr_size_t size); + +__attribute__ ((weak)) +void apr__memzero_explicit(void *buffer, apr_size_t size) +{ + memset(buffer, 0, size); +} +#endif + +APR_DECLARE(apr_status_t) apr_memzero_explicit(void *buffer, apr_size_t size) +{ +#if defined(WIN32) + SecureZeroMemory(buffer, size); +#elif defined(HAVE_EXPLICIT_BZERO) + explicit_bzero(buffer, size); +#elif defined(HAVE_MEMSET_S) + if (size) { + return memset_s(buffer, (rsize_t)size, 0, (rsize_t)size); + } +#elif defined(HAVE_WEAK_SYMBOLS) + apr__memzero_explicit(buffer, size); +#else + apr_size_t i; + volatile unsigned char *volatile ptr = buffer; + for (i = 0; i < size; ++i) { + ptr[i] = 0; + } +#endif + return APR_SUCCESS; +} + #if (!APR_HAVE_MEMCHR) void *memchr(const void *s, int c, size_t n) { -- cgit v1.2.1