authorAnatol Belski <ab@php.net>2014-09-19 01:46:14 +0200
committerAnatol Belski <ab@php.net>2014-09-19 01:46:14 +0200
commitc45f4f546180d5d4fa83bfcdaad94ec52c9cc274 (patch)
treefa0cbcc19a6fd580cce3df5a971089bbb5bfefb4 /ext
parentadf753159b534885b31586cd5b37bdf36d806df0 (diff)
downloadphp-git-c45f4f546180d5d4fa83bfcdaad94ec52c9cc274.tar.gz
generalized the case with secure memory zeroing
Diffstat (limited to 'ext')
-rw-r--r--ext/hash/hash_ripemd.c8
-rw-r--r--ext/hash/hash_whirlpool.c4
-rw-r--r--ext/standard/crypt.c8
-rw-r--r--ext/standard/crypt_sha256.c29
-rw-r--r--ext/standard/crypt_sha512.c28
-rw-r--r--ext/standard/php_crypt_r.c4
6 files changed, 24 insertions, 57 deletions
diff --git a/ext/hash/hash_ripemd.c b/ext/hash/hash_ripemd.c
index 16fbd12b18..0e0df3ac89 100644
--- a/ext/hash/hash_ripemd.c
+++ b/ext/hash/hash_ripemd.c
@@ -244,7 +244,7 @@ static void RIPEMD128Transform(php_hash_uint32 state[4], const unsigned char blo
state[0] = tmp;
tmp = 0;
- memset(x, 0, sizeof(x));
+ ZEND_SECURE_ZERO(x, sizeof(x));
}
/* }}} */
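Review bot: The `tmp = 0;` kept just above the new `ZEND_SECURE_ZERO(x, sizeof(x));` is still an ordinary dead store to a local, so an optimizing compiler is free to drop it and the last intermediate word may survive in a register or stack slot. If scrubbing `tmp` is intended it needs the same treatment as `x`, e.g. `ZEND_SECURE_ZERO(&tmp, sizeof(tmp));`; otherwise the assignment should be removed so it does not suggest a guarantee it cannot give. The same line precedes the wipe in the RIPEMD256Transform, RIPEMD160Transform and RIPEMD320Transform hunks. All four function bodies start outside their hunks, so whether other working variables need the same is not visible here.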
@@ -342,7 +342,7 @@ static void RIPEMD256Transform(php_hash_uint32 state[8], const unsigned char blo
state[7] += dd;
tmp = 0;
- memset(x, 0, sizeof(x));
+ ZEND_SECURE_ZERO(x, sizeof(x));
}
/* }}} */
@@ -441,7 +441,7 @@ static void RIPEMD160Transform(php_hash_uint32 state[5], const unsigned char blo
state[0] = tmp;
tmp = 0;
- memset(x, 0, sizeof(x));
+ ZEND_SECURE_ZERO(x, sizeof(x));
}
/* }}} */
@@ -549,7 +549,7 @@ static void RIPEMD320Transform(php_hash_uint32 state[10], const unsigned char bl
state[9] += ee;
tmp = 0;
- memset(x, 0, sizeof(x));
+ ZEND_SECURE_ZERO(x, sizeof(x));
}
/* }}} */
diff --git a/ext/hash/hash_whirlpool.c b/ext/hash/hash_whirlpool.c
index ca41e523d0..60087aee64 100644
--- a/ext/hash/hash_whirlpool.c
+++ b/ext/hash/hash_whirlpool.c
@@ -263,8 +263,8 @@ static void WhirlpoolTransform(PHP_WHIRLPOOL_CTX *context)
context->state[5] ^= state[5] ^ block[5];
context->state[6] ^= state[6] ^ block[6];
context->state[7] ^= state[7] ^ block[7];
-
- memset(state, 0, sizeof(state));
+
+ ZEND_SECURE_ZERO(state, sizeof(state));
}
PHP_HASH_API void PHP_WHIRLPOOLInit(PHP_WHIRLPOOL_CTX *context)
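Review bot: Only `state` is scrubbed at the end of WhirlpoolTransform, while `block`, which is XORed into `context->state[]` in the lines just above, looks like a second local working array holding the message words and is left as is. If it is a stack array, add `ZEND_SECURE_ZERO(block, sizeof(block));` next to the existing call, and do the same for any round-key locals declared earlier in the function. The function starts outside the hunk, so the declarations should be checked before applying this.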
diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
index b2524a0767..75940482d6 100644
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@ -207,15 +207,11 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
crypt_res = php_crypt_blowfish_rn(password, salt, output, sizeof(output));
if (!crypt_res) {
- memset(output, 0, PHP_MAX_SALT_LEN + 1);
+ ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN + 1);
return NULL;
} else {
result = zend_string_init(output, strlen(output), 0);
-#ifdef PHP_WIN32
- RtlSecureZeroMemory(output, PHP_MAX_SALT_LEN + 1);
-#else
- memset(output, 0, PHP_MAX_SALT_LEN + 1);
-#endif
+ ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN + 1);
return result;
}
} else {
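Review bot: Both wipes pass `PHP_MAX_SALT_LEN + 1` as the length while the `php_crypt_blowfish_rn()` call just above passes `sizeof(output)`, so the cleared range is tied to the buffer's declaration only by convention. Using `ZEND_SECURE_ZERO(output, sizeof(output));` in both branches keeps the wipe covering the whole buffer if its declared size ever changes. The declaration of `output` is outside the hunk, so this assumes it is an array and not a pointer.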
diff --git a/ext/standard/crypt_sha256.c b/ext/standard/crypt_sha256.c
index bf07eaa320..826b4d1593 100644
--- a/ext/standard/crypt_sha256.c
+++ b/ext/standard/crypt_sha256.c
@@ -571,33 +571,18 @@ char * php_sha256_crypt_r(const char *key, const char *salt, char *buffer, int b
inside the SHA256 implementation as well. */
sha256_init_ctx(&ctx);
sha256_finish_ctx(&ctx, alt_result);
-#ifdef PHP_WIN32
- RtlSecureZeroMemory(temp_result, sizeof(temp_result));
- RtlSecureZeroMemory(p_bytes, key_len);
- RtlSecureZeroMemory(s_bytes, salt_len);
- RtlSecureZeroMemory(&ctx, sizeof(ctx));
- RtlSecureZeroMemory(&alt_ctx, sizeof(alt_ctx));
-
- if (copied_key != NULL) {
- RtlSecureZeroMemory(copied_key, key_len);
- }
- if (copied_salt != NULL) {
- RtlSecureZeroMemory(copied_salt, salt_len);
- }
-#else
- memset(temp_result, '\0', sizeof(temp_result));
- memset(p_bytes, '\0', key_len);
- memset(s_bytes, '\0', salt_len);
- memset(&ctx, '\0', sizeof(ctx));
- memset(&alt_ctx, '\0', sizeof(alt_ctx));
+ ZEND_SECURE_ZERO(temp_result, sizeof(temp_result));
+ ZEND_SECURE_ZERO(p_bytes, key_len);
+ ZEND_SECURE_ZERO(s_bytes, salt_len);
+ ZEND_SECURE_ZERO(&ctx, sizeof(ctx));
+ ZEND_SECURE_ZERO(&alt_ctx, sizeof(alt_ctx));
if (copied_key != NULL) {
- memset(copied_key, '\0', key_len);
+ ZEND_SECURE_ZERO(copied_key, key_len);
}
if (copied_salt != NULL) {
- memset(copied_salt, '\0', salt_len);
+ ZEND_SECURE_ZERO(copied_salt, salt_len);
}
-#endif
return buffer;
}
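Review bot: Whether these calls survive optimization depends entirely on how `ZEND_SECURE_ZERO` is defined, and that definition is not in this view (the diffstat is limited to 'ext'). The removed `#else` branch was a plain `memset` immediately before `return buffer;`, which a compiler may elide as a dead store for locals such as `temp_result`, `ctx` and `alt_ctx`; if the macro expands to `memset` on non-Windows builds, the behaviour there is unchanged. The macro definition should carry a comment stating which primitive backs it on each platform (for example `RtlSecureZeroMemory`, `explicit_bzero` or `memset_s`), and it should fall back to a volatile-pointer loop rather than bare `memset`. The same applies to the identical block in the php_sha512_crypt_r hunk; both functions start outside their hunks.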
diff --git a/ext/standard/crypt_sha512.c b/ext/standard/crypt_sha512.c
index 0b6c338d61..9e5def38c5 100644
--- a/ext/standard/crypt_sha512.c
+++ b/ext/standard/crypt_sha512.c
@@ -619,31 +619,17 @@ php_sha512_crypt_r(const char *key, const char *salt, char *buffer, int buflen)
inside the SHA512 implementation as well. */
sha512_init_ctx(&ctx);
sha512_finish_ctx(&ctx, alt_result);
-#ifdef PHP_WIN32
- RtlSecureZeroMemory(temp_result, sizeof(temp_result));
- RtlSecureZeroMemory(p_bytes, key_len);
- RtlSecureZeroMemory(s_bytes, salt_len);
- RtlSecureZeroMemory(&ctx, sizeof(ctx));
- RtlSecureZeroMemory(&alt_ctx, sizeof(alt_ctx));
+ ZEND_SECURE_ZERO(temp_result, sizeof(temp_result));
+ ZEND_SECURE_ZERO(p_bytes, key_len);
+ ZEND_SECURE_ZERO(s_bytes, salt_len);
+ ZEND_SECURE_ZERO(&ctx, sizeof(ctx));
+ ZEND_SECURE_ZERO(&alt_ctx, sizeof(alt_ctx));
if (copied_key != NULL) {
- RtlSecureZeroMemory(copied_key, key_len);
+ ZEND_SECURE_ZERO(copied_key, key_len);
}
if (copied_salt != NULL) {
- RtlSecureZeroMemory(copied_salt, salt_len);
- }
-#else
- memset(temp_result, '\0', sizeof(temp_result));
- memset(p_bytes, '\0', key_len);
- memset(s_bytes, '\0', salt_len);
- memset(&ctx, '\0', sizeof(ctx));
- memset(&alt_ctx, '\0', sizeof(alt_ctx));
- if (copied_key != NULL) {
- memset(copied_key, '\0', key_len);
+ ZEND_SECURE_ZERO(copied_salt, salt_len);
}
- if (copied_salt != NULL) {
- memset(copied_salt, '\0', salt_len);
- }
-#endif
return buffer;
}
diff --git a/ext/standard/php_crypt_r.c b/ext/standard/php_crypt_r.c
index 4917ebce2f..da0e87bc1c 100644
--- a/ext/standard/php_crypt_r.c
+++ b/ext/standard/php_crypt_r.c
@@ -206,7 +206,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out) {
}
/* Don't leave anything around in vm they could use. */
- RtlSecureZeroMemory(final, sizeof(final));
+ ZEND_SECURE_ZERO(final, sizeof(final));
/* Then something really weird... */
for (i = pwl; i != 0; i >>= 1) {
@@ -288,7 +288,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out) {
*p = '\0';
- RtlSecureZeroMemory(final, sizeof(final));
+ ZEND_SECURE_ZERO(final, sizeof(final));
_destroyCtx1: