pyxcrypt: Wipe confident memory in a secure way.

* meson.build: Probe for system functions that securely wipe memory.
* src/pyxcrypt/pyxcrypt-config.h.in: New file.
* src/pyxcrypt/pyxcrypt-memerase.c: New file.
* src/pyxcrypt/pyxcrypt.c: Wipe memory securely where applicable.

Author: besser82

meson.build

@@ -1,14 +1,37 @@
 project('pyxcrypt', 'c', meson_version: '>= 1.3.0')
+
+compiler = meson.get_compiler('c')
+conf_data = configuration_data()
 lxcrypt = dependency('libxcrypt')
 
+if compiler.has_function('SecureZeroMemory', prefix : '#include <Windows.h>')
+  conf_data.set('PYXCRYPT_HAVE_SECUREZEROMEMORY', true)
+else
+  if compiler.has_function('memset_explicit', prefix : '#include <string.h>')
+    conf_data.set('PYXCRYPT_HAVE_MEMSET_EXPLICIT', true)
+  else
+    if compiler.has_function('explicit_bzero', prefix : '#include <string.h>')
+      conf_data.set('PYXCRYPT_HAVE_EXPLICIT_BZERO', true)
+    else
+      conf_data.set('PYXCRYPT_USE_MEMERASE_IMPL', true)
+    endif
+  endif
+endif
+
+pyxcrypt_src = [
+  'src/pyxcrypt/pyxcrypt.c',
+  'src/pyxcrypt/pyxcrypt-memerase.c'
+]
+
 py = import('python').find_installation('python3', pure: false)
 
-py.extension_module('pyxcrypt',
-'src/pyxcrypt/pyxcrypt.c',
-dependencies: lxcrypt,
-install: true,
-subdir: 'pyxcrypt',
-limited_api: '3.2'
+py.extension_module(
+  'pyxcrypt',
+  pyxcrypt_src,
+  dependencies: lxcrypt,
+  install: true,
+  subdir: 'pyxcrypt',
+  limited_api: '3.2'
 )
 
 py.install_sources(
@@ -31,3 +54,9 @@ test('unit-tests',
   run_tests,
   args: ['../tests'],
 )
+
+configure_file(
+  input : 'src/pyxcrypt/pyxcrypt-config.h.in',
+  output : 'pyxcrypt-config.h',
+  configuration : conf_data
+)

src/pyxcrypt/pyxcrypt-config.h.in

@@ -0,0 +1,47 @@
+/*
+ * This file is part of pyxcrypt.
+ *
+ * pyxcrypt is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * pyxcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with pyxcrypt.
+ * If not, see <https://www.gnu.org/licenses/>.
+ */
+
+#if !defined _PYXCRYPT_CONFIG_H_
+#define _PYXCRYPT_CONFIG_H_
+
+#include <stddef.h>
+
+#mesondefine PYXCRYPT_HAVE_SECUREZEROMEMORY
+#mesondefine PYXCRYPT_HAVE_MEMSET_EXPLICIT
+#mesondefine PYXCRYPT_HAVE_EXPLICIT_BZERO
+#mesondefine PYXCRYPT_USE_MEMERASE_IMPL
+
+#if defined PYXCRYPT_HAVE_SECUREZEROMEMORY
+#include <Windows.h>
+#define pyxcrypt_memerase(p, l) SecureZeroMemory(p, l)
+#elif defined PYXCRYPT_HAVE_MEMSET_EXPLICIT
+#define pyxcrypt_memerase(p, l) memset_explicit(p, 0, l)
+#elif defined PYXCRYPT_HAVE_EXPLICIT_BZERO
+#define pyxcrypt_memerase(p, l) explicit_bzero(p, l)
+#elif defined PYXCRYPT_USE_MEMERASE_IMPL
+
+#if defined __GNUC__ && __GNUC__ >= 3
+#define NO_INLINE __attribute__ ((__noinline__))
+#else
+#error "Don't know how to prevent function inlining"
+#endif
+
+NO_INLINE extern void pyxcrypt_memerase(void *p, size_t l);
+#endif /* PYXCRYPT_USE_MEMERASE_IMPL */
+#endif /* _PYXCRYPT_CONFIG_H_ */

src/pyxcrypt/pyxcrypt-memerase.c

@@ -0,0 +1,33 @@
+/*
+ * This file is part of pyxcrypt.
+ *
+ * pyxcrypt is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * pyxcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with pyxcrypt.
+ * If not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <pyxcrypt-config.h>
+
+#if defined PYXCRYPT_USE_MEMERASE_IMPL
+
+#include <string.h>
+
+/* Keep this in a seperate translation-unit,
+   so the compiler will not start to optimize this away.  */
+NO_INLINE void pyxcrypt_memerase(void *p, size_t l)
+{
+  p = memset (p, 0, l);
+  asm volatile ("" : : "g" (p) : "memory");
+}
+#endif /* PYXCRYPT_USE_MEMERASE_IMPL */

src/pyxcrypt/pyxcrypt.c

@@ -17,6 +17,7 @@
  * If not, see <https://www.gnu.org/licenses/>.
  */
 
+#include <pyxcrypt-config.h>
 
 #if !defined(Py_LIMITED_API) || Py_LIMITED_API > 0x030a0000
 #include <stdio.h>
@@ -64,6 +65,7 @@ static PyObject * _crypt_gensalt(PyObject *self, PyObject *args)
         return NULL;
     }
     output = Py_BuildValue("z", setting);
+    pyxcrypt_memerase(setting, CRYPT_GENSALT_OUTPUT_SIZE);
     free(setting);
 
     return output;
@@ -99,10 +101,12 @@ static PyObject * _crypt(PyObject *self, PyObject *args)
     if (hash == NULL)
     {
         PyErr_SetString(PyExc_RuntimeError, strerror(errno));
+        pyxcrypt_memerase(data, size);
         free(data);
         return NULL;
     }
     output = Py_BuildValue("z", hash);
+    pyxcrypt_memerase(data->output, sizeof(data->output));
     free(data);
 
     return output;