From: Сковорода Никита Андреевич <chalkerx@gmail.com>
Date: Thu, 27 Aug 2015 09:24:45 +0000 (+0300)
Subject: crypto: Use OPENSSL_cleanse to shred the data.
X-Git-Tag: v4.0.0-rc.1~66
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=87df7d3be341cc590249837ed316bd91baf6ebc2;p=platform%2Fupstream%2Fnodejs.git

crypto: Use OPENSSL_cleanse to shred the data.

memset() is not useful here, it's efficiently a noop.

PR-URL: https://github.com/nodejs/node/pull/2575
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
---

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 0e4fc45..eab0e0e 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -4723,8 +4723,8 @@ void EIO_PBKDF2(PBKDF2Request* req) {
     req->digest(),
     req->keylen(),
     reinterpret_cast<unsigned char*>(req->key())));
-  memset(req->pass(), 0, req->passlen());
-  memset(req->salt(), 0, req->saltlen());
+  OPENSSL_cleanse(req->pass(), req->passlen());
+  OPENSSL_cleanse(req->salt(), req->saltlen());
 }
 
 
@@ -4738,7 +4738,7 @@ void EIO_PBKDF2After(PBKDF2Request* req, Local<Value> argv[2]) {
   if (req->error()) {
     argv[0] = Undefined(req->env()->isolate());
     argv[1] = Encode(req->env()->isolate(), req->key(), req->keylen(), BUFFER);
-    memset(req->key(), 0, req->keylen());
+    OPENSSL_cleanse(req->key(), req->keylen());
   } else {
     argv[0] = Exception::Error(req->env()->pbkdf2_error_string());
     argv[1] = Undefined(req->env()->isolate());