lib: Fix OpenSSL includes and explicit_bzero on OSX

The include headers and NIDs are different on macOS X. It also doesn't
have explicit_bzero.

The crypt.h includes are now guarded to work on OS X (trying to avoid
the includes by defining the OpenSSL mac header guard led to a whole
list of other issues).

The explicit zero'ing of buffers temporarily holding secrets has now
been abstracted in a crypt_secure_clear() function defaulting to
OpenSSL_cleanse, explicit_bzero (if present) or a best-effort option
using a volatile pointer.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>

1 files changed, 3 insertions, 3 deletions

diff --git a/src/lib/dev.c b/src/lib/dev.c
index 35ea701b..fb06c496 100644
--- a/src/lib/dev.c
+++ b/src/lib/dev.c
@@ -870,7 +870,7 @@ int flow_accept(qosspec_t *             qs,
 
         fd = flow_init(&flow, &crypt);
 
-        explicit_bzero(key, SYMMKEYSZ);
+        crypt_secure_clear(key, SYMMKEYSZ);
 
         if (qs != NULL)
                 *qs = flow.qs;
@@ -917,7 +917,7 @@ int flow_alloc(const char *            dst,
 
         fd = flow_init(&flow, &crypt);
 
-        explicit_bzero(key, SYMMKEYSZ);
+        crypt_secure_clear(key, SYMMKEYSZ);
 
         if (qs != NULL)
                 *qs = flow.qs;
@@ -956,7 +956,7 @@ int flow_join(const char *            dst,
 
         fd = flow_init(&flow, &crypt);
 
-        explicit_bzero(key, SYMMKEYSZ);
+        crypt_secure_clear(key, SYMMKEYSZ);
 
         return fd;
 }