From 9c097d997c03f882eaf8260e81b7d0e2993ba34a Mon Sep 17 00:00:00 2001
From: Bence Mali <64798108+bencemali@users.noreply.github.com>
Date: Mon, 20 May 2024 17:51:03 +0200
Subject: [PATCH] use OPENSSL_cleanse if OpenSSL is used (#1773)
Signed-off-by: Bence Mali
---
 src/common/common.c | 6 ++++--
 src/common/ossl_functions.h | 1 +
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/common/common.c b/src/common/common.c
index 7de1e6581..7074aa9fb 100644
--- a/src/common/common.c
+++ b/src/common/common.c
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0 AND MIT
-#if !defined(_WIN32) && !defined(OQS_HAVE_EXPLICIT_BZERO)
+#if !defined(OQS_USE_OPENSSL) && !defined(_WIN32) && !defined(OQS_HAVE_EXPLICIT_BZERO)
 // Request memset_s
 #define __STDC_WANT_LIB_EXT1__ 1
 #endif
@@ -256,7 +256,9 @@ OQS_API int OQS_MEM_secure_bcmp(const void *a, const void *b, size_t len) {
 }
 OQS_API void OQS_MEM_cleanse(void *ptr, size_t len) {
-#if defined(_WIN32)
+#if defined(OQS_USE_OPENSSL)
+ OSSL_FUNC(OPENSSL_cleanse)(ptr, len);
+#elif defined(_WIN32)
 SecureZeroMemory(ptr, len);
 #elif defined(OQS_HAVE_EXPLICIT_BZERO)
 explicit_bzero(ptr, len);
diff --git a/src/common/ossl_functions.h b/src/common/ossl_functions.h
index cece5c950..aa0ceb127 100644
--- a/src/common/ossl_functions.h
+++ b/src/common/ossl_functions.h
@@ -46,6 +46,7 @@ FUNC(const EVP_MD *, EVP_sha512, (void), ())
 FUNC(const EVP_MD *, EVP_shake128, (void), ())
 FUNC(const EVP_MD *, EVP_shake256, (void), ())
 #endif
+VOID_FUNC(void, OPENSSL_cleanse, (void *ptr, size_t len), (ptr, len))
 FUNC(int, RAND_bytes, (unsigned char *buf, int num), (buf, num))
 FUNC(int, RAND_poll, (void), ())
 FUNC(int, RAND_status, (void), ())
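Review bot: The condition on the `#if` at the top of common.c now has to stay in step with the branch order inside OQS_MEM_cleanse (second hunk), and nothing in the file says so. If a later change adds or reorders a branch there without touching this guard, `__STDC_WANT_LIB_EXT1__` may not be defined for a build that ends up on the memset_s path; that branch is not visible in this patch, so this is inferred from the `// Request memset_s` comment. I would extend the comment to something like `// Request memset_s; keep this condition in sync with the fallback order in OQS_MEM_cleanse`.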
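Review bot: The new first branch of OQS_MEM_cleanse has no fallback: when OQS_USE_OPENSSL is defined, every wipe of sensitive buffers goes through `OSSL_FUNC(OPENSSL_cleanse)(ptr, len);` and the SecureZeroMemory / explicit_bzero paths are compiled out. OSSL_FUNC is defined outside this patch; if it resolves the symbol at run time (for example when OpenSSL is loaded dynamically), please confirm that a failed lookup stops the process rather than returning quietly, because this function returns void and callers cannot detect a skipped wipe. A short comment above the branch would also record the intent, e.g. `// Prefer OpenSSL's cleanse when it is linked; the branches below are the native fallbacks for builds without OpenSSL.` The function body continues past the end of the hunk, so the remaining fallback branches are not reviewed here.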