Updating to use SecureZeroMemory on WinRT.

Author: stgates

Release/include/cpprest/web_utilities.h

@@ -84,7 +84,7 @@ class credentials
 {
 public:
     /// <summary>
-    /// Constructs and empty set of credentials without a user name or password.
+    /// Constructs an empty set of credentials without a user name or password.
     /// </summary>
     credentials() {}
 
@@ -148,7 +148,7 @@ class credentials
 
 /// <summary>
 /// web_proxy represents the concept of the web proxy, which can be auto-discovered,
-/// disabled, or specified explicitly by the user
+/// disabled, or specified explicitly by the user.
 /// </summary>
 class web_proxy
 {

Release/src/http/client/http_win7.cpp

@@ -883,30 +883,28 @@ class winhttp_client : public _http_client_communicator
         //  we cannot call WinHttpQueryAuthSchemes and WinHttpSetCredentials.
         if (error != ERROR_WINHTTP_RESEND_REQUEST)
         {
+            // Obtain the supported and preferred schemes.
             DWORD dwSupportedSchemes;
             DWORD dwFirstScheme;
-            DWORD dwSelectedScheme = 0;
             DWORD dwAuthTarget;
-            credentials cred;
-
-            // Obtain the supported and preferred schemes.
             if(!WinHttpQueryAuthSchemes(
                 hRequestHandle,
                 &dwSupportedSchemes,
                 &dwFirstScheme,
-                &dwAuthTarget)) 
+                &dwAuthTarget))
             {
                 // This will return the authentication failure to the user, without reporting fatal errors
                 return false;
             }
 
-            dwSelectedScheme = ChooseAuthScheme(dwSupportedSchemes);
+            DWORD dwSelectedScheme = ChooseAuthScheme(dwSupportedSchemes);
             if(dwSelectedScheme == 0)
             {
                 // This will return the authentication failure to the user, without reporting fatal errors
                 return false;
             }
 
+            credentials cred;
             if (dwAuthTarget == WINHTTP_AUTH_TARGET_SERVER && !p_request_context->m_server_authentication_tried)
             {
                 cred = p_request_context->m_http_client->client_config().credentials();

Release/src/utilities/web_utilities.cpp

@@ -42,25 +42,15 @@ namespace details
 #if defined(_MS_WINDOWS)
 #if defined(__cplusplus_winrt)
 
-// Helper function since SecureZeroMemory isn't available.
-void winrt_secure_zero_memory(_Out_writes_(count) void *buffer, _In_ size_t count)
-{
-    auto vptr = reinterpret_cast<volatile char *>(buffer);
-    while (count != 0)
-    {
-        *vptr = 0;
-        ++vptr;
-        --count;
-    }
-}
+// Helper function to zero out memory of an IBuffer.
 void winrt_secure_zero_buffer(Windows::Storage::Streams::IBuffer ^buffer)
 {
     Microsoft::WRL::ComPtr<IInspectable> bufferInspectable(reinterpret_cast<IInspectable *>(buffer));
     Microsoft::WRL::ComPtr<Windows::Storage::Streams::IBufferByteAccess> bufferByteAccess;
     bufferInspectable.As(&bufferByteAccess);
     byte * rawBytes;
     bufferByteAccess->Buffer(&rawBytes);
-    winrt_secure_zero_memory(rawBytes, buffer->Length);
+    SecureZeroMemory(rawBytes, buffer->Length);
 }
 
 winrt_encryption::winrt_encryption(const std::wstring &data)
@@ -98,7 +88,7 @@ plaintext_string winrt_encryption::decrypt() const
     auto data = plaintext_string(new std::wstring(
         reinterpret_cast<const std::wstring::value_type *>(rawPlaintext),
         plaintext->Length / 2));
-    winrt_secure_zero_memory(rawPlaintext, plaintext->Length);
+    SecureZeroMemory(rawPlaintext, plaintext->Length);
     return std::move(data);
 }
 #else
@@ -144,11 +134,7 @@ plaintext_string win32_encryption::decrypt() const
 
 void zero_memory_deleter::operator()(::utility::string_t *data) const
 {
-#if defined(__cplusplus_winrt)
-    winrt_secure_zero_memory(
-#else
     SecureZeroMemory(
-#endif
         const_cast<::utility::string_t::value_type *>(data->data()),
         data->size() * sizeof(::utility::string_t::value_type));
     delete data;