Skip to content

Commit

Permalink
wincng: Added explicit clear memory feature to WinCNG backend
Browse files Browse the repository at this point in the history 
This re-introduces the original feature proposed during
the development of the WinCNG crypto backend. It still needs
to be added to libssh2 itself and probably other backends.

Memory is cleared using the function SecureZeroMemory which is
available on Windows systems, just like the WinCNG backend.
  • Loading branch information
@mback2k
mback2k committed Mar 22, 2015
1 parent 77020c7 commit 57dea4d
Show file tree
Hide file tree
Showing 2 changed files with 104 additions and 65 deletions.
23 changes: 23 additions & 0 deletions configure.ac
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,7 @@ AC_ARG_WITH(libz,
use_libz=$withval,use_libz=auto)

found_crypto=none
support_clear_memory=no

# Look for OpenSSL
if test "$found_crypto" = "none" && test "$use_openssl" != "no"; then
Expand Down Expand Up @@ -150,6 +151,7 @@ if test "$ac_cv_libbcrypt" = "yes"; then
LIBS="$LIBS -lcrypt32"
fi
found_crypto="Windows Cryptography API: Next Generation"
support_clear_memory=yes
fi
AM_CONDITIONAL(WINCNG, test "$ac_cv_libbcrypt" = "yes")

Expand Down Expand Up @@ -197,6 +199,26 @@ if test "$GEX_NEW" != "no"; then
AC_DEFINE(LIBSSH2_DH_GEX_NEW, 1, [Enable newer diffie-hellman-group-exchange-sha1 syntax])
fi

AC_ARG_ENABLE(clear-memory,
AC_HELP_STRING([--disable-clear-memory],[Disable clearing of memory before being freed]),
[CLEAR_MEMORY=$enableval])
if test "$CLEAR_MEMORY" != "no"; then
if test "$support_clear_memory" = "yes"; then
AC_DEFINE(LIBSSH2_CLEAR_MEMORY, 1, [Enable clearing of memory before being freed])
enable_clear_memory=yes
else
AC_MSG_ERROR([secure clearing/zeroing of memory is not supported by the selected crypto backend])
enable_clear_memory=unsupported
fi
else
if test "$support_clear_memory" = "yes"; then
enable_clear_memory=no
else
AC_MSG_WARN([secure clearing/zeroing of memory is not supported by the selected crypto backend])
enable_clear_memory=unsupported
fi
fi

dnl ************************************************************
dnl option to switch on compiler debug options
dnl
Expand Down Expand Up @@ -362,6 +384,7 @@ AC_MSG_NOTICE([summary of build options:
Compiler flags: ${CFLAGS}
Library types: Shared=${enable_shared}, Static=${enable_static}
Crypto library: ${found_crypto}
Clear memory: $enable_clear_memory
Debug build: $enable_debug
Build examples: $build_examples
Path to sshd: $ac_cv_path_SSHD (only for self-tests)
Expand Down
Loading

0 comments on commit 57dea4d

Please sign in to comment.