Wipe the context before releasing as an extra safeguard.

* src/assuan-defs.h (wipememory2, wipememory): New.  Taken from GnuPG.
* src/assuan.c (assuan_release): Wipe the context.
--

The assuan context has buffers which may carry senitive information.
These buffers could be wiped out with each flush but that is too
expensive.  Thus we only wipe them when freeing the context.

Signed-off-by: Werner Koch <wk@gnupg.org>

1 files changed, 10 insertions, 0 deletions

diff --git a/src/assuan-defs.h b/src/assuan-defs.h
index 68cd810..cf0015e 100644
--- a/src/assuan-defs.h
+++ b/src/assuan-defs.h
@@ -404,6 +404,16 @@ int _assuan_asprintf (char **buf, const char *fmt, ...);
 
 #define DIM(v)		     (sizeof(v)/sizeof((v)[0]))
 
+/* To avoid that a compiler optimizes memset calls away, these macros
+   can be used. */
+#define wipememory2(_ptr,_set,_len) do { \
+              volatile char *_vptr=(volatile char *)(_ptr); \
+              size_t _vlen=(_len); \
+              while(_vlen) { *_vptr=(_set); _vptr++; _vlen--; } \
+                  } while(0)
+#define wipememory(_ptr,_len) wipememory2(_ptr,0,_len)
+
+
 #if HAVE_W64_SYSTEM
 # define SOCKET2HANDLE(s) ((void *)(s))
 # define HANDLE2SOCKET(h) ((uintptr_t)(h))