Better stack memseting of sensitive information.

Why is 'apr_crypto_memzero()' only available if APU_HAVE_CRYPTO=1? See PR 55738 Backport of r1832415 from trunk. git-svn-id: http://svn.apache.org/repos/asf/apr/apr-util/branches/1.6.x@1839049 13f79535-47bb-0310-9956-ffa450edef68
author: rjung <rjung@13f79535-47bb-0310-9956-ffa450edef68> 2018-08-25 13:34:08 +0000
committer: rjung <rjung@13f79535-47bb-0310-9956-ffa450edef68> 2018-08-25 13:34:08 +0000
commit: d9c42a88e1c89a992d2dba14bab2f8d2edc33758 (patch)
tree: 4c46b2ab1941094c824035bcbde69fe3ceeeffbb
parent: c3dd9e199c1403b5457673dfd14693dd937a0277 (diff)
download: libapr-util-d9c42a88e1c89a992d2dba14bab2f8d2edc33758.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/apr_md4.c b/crypto/apr_md4.c
index ada51400..9d58193f 100644
--- a/crypto/apr_md4.c
+++ b/crypto/apr_md4.c
@@ -41,6 +41,7 @@
 #include "apr_strings.h"
 #include "apr_md4.h"
 #include "apr_lib.h"
+#include "apr_crypto.h"     /* for apr_crypto_memzero, if available */
 
 #if APR_HAVE_STRING_H
 #include <string.h>
@@ -359,7 +360,11 @@ static void MD4Transform(apr_uint32_t state[4], const unsigned char block[64])
     state[3] += d;
     
     /* Zeroize sensitive information. */
+#if APU_HAVE_CRYPTO
+    apr_crypto_memzero(x, sizeof(x));
+#else
     memset(x, 0, sizeof(x));
+#endif
 }
 
 /* Encodes input (apr_uint32_t) into output (unsigned char). Assumes len is
author	rjung <rjung@13f79535-47bb-0310-9956-ffa450edef68>	2018-08-25 13:34:08 +0000
committer	rjung <rjung@13f79535-47bb-0310-9956-ffa450edef68>	2018-08-25 13:34:08 +0000
commit	d9c42a88e1c89a992d2dba14bab2f8d2edc33758 (patch)
tree	4c46b2ab1941094c824035bcbde69fe3ceeeffbb
parent	c3dd9e199c1403b5457673dfd14693dd937a0277 (diff)
download	libapr-util-d9c42a88e1c89a992d2dba14bab2f8d2edc33758.tar.gz