Maxim Dounin
2018-11-15 18:31:34 UTC
details: http://hg.nginx.org/nginx/rev/9ca82f273967
branches:
changeset: 7395:9ca82f273967
user: Maxim Dounin <***@mdounin.ru>
date: Thu Nov 15 21:28:02 2018 +0300
description:
Core: ngx_explicit_memzero().
diffstat:
src/core/ngx_string.c | 8 ++++++++
src/core/ngx_string.h | 2 ++
src/event/ngx_event_openssl.c | 4 ++--
3 files changed, 12 insertions(+), 2 deletions(-)
diffs (51 lines):
diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -2013,6 +2013,14 @@ ngx_sort(void *base, size_t n, size_t si
}
+void
+ngx_explicit_memzero(void *buf, size_t n)
+{
+ ngx_memzero(buf, n);
+ ngx_memory_barrier();
+}
+
+
#if (NGX_MEMCPY_LIMIT)
void *
diff --git a/src/core/ngx_string.h b/src/core/ngx_string.h
--- a/src/core/ngx_string.h
+++ b/src/core/ngx_string.h
@@ -88,6 +88,8 @@ ngx_strlchr(u_char *p, u_char *last, u_c
#define ngx_memzero(buf, n) (void) memset(buf, 0, n)
#define ngx_memset(buf, c, n) (void) memset(buf, c, n)
+void ngx_explicit_memzero(void *buf, size_t n);
+
#if (NGX_MEMCPY_LIMIT)
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1051,7 +1051,7 @@ cleanup:
ngx_close_file_n " \"%s\" failed", file->data);
}
- ngx_memzero(buf, NGX_SSL_PASSWORD_BUFFER_SIZE);
+ ngx_explicit_memzero(buf, NGX_SSL_PASSWORD_BUFFER_SIZE);
return passwords;
}
@@ -1068,7 +1068,7 @@ ngx_ssl_passwords_cleanup(void *data)
pwd = passwords->elts;
for (i = 0; i < passwords->nelts; i++) {
- ngx_memzero(pwd[i].data, pwd[i].len);
+ ngx_explicit_memzero(pwd[i].data, pwd[i].len);
}
}
branches:
changeset: 7395:9ca82f273967
user: Maxim Dounin <***@mdounin.ru>
date: Thu Nov 15 21:28:02 2018 +0300
description:
Core: ngx_explicit_memzero().
diffstat:
src/core/ngx_string.c | 8 ++++++++
src/core/ngx_string.h | 2 ++
src/event/ngx_event_openssl.c | 4 ++--
3 files changed, 12 insertions(+), 2 deletions(-)
diffs (51 lines):
diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -2013,6 +2013,14 @@ ngx_sort(void *base, size_t n, size_t si
}
+void
+ngx_explicit_memzero(void *buf, size_t n)
+{
+ ngx_memzero(buf, n);
+ ngx_memory_barrier();
+}
+
+
#if (NGX_MEMCPY_LIMIT)
void *
diff --git a/src/core/ngx_string.h b/src/core/ngx_string.h
--- a/src/core/ngx_string.h
+++ b/src/core/ngx_string.h
@@ -88,6 +88,8 @@ ngx_strlchr(u_char *p, u_char *last, u_c
#define ngx_memzero(buf, n) (void) memset(buf, 0, n)
#define ngx_memset(buf, c, n) (void) memset(buf, c, n)
+void ngx_explicit_memzero(void *buf, size_t n);
+
#if (NGX_MEMCPY_LIMIT)
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1051,7 +1051,7 @@ cleanup:
ngx_close_file_n " \"%s\" failed", file->data);
}
- ngx_memzero(buf, NGX_SSL_PASSWORD_BUFFER_SIZE);
+ ngx_explicit_memzero(buf, NGX_SSL_PASSWORD_BUFFER_SIZE);
return passwords;
}
@@ -1068,7 +1068,7 @@ ngx_ssl_passwords_cleanup(void *data)
pwd = passwords->elts;
for (i = 0; i < passwords->nelts; i++) {
- ngx_memzero(pwd[i].data, pwd[i].len);
+ ngx_explicit_memzero(pwd[i].data, pwd[i].len);
}
}