From 37e3dbdd8206e4f0f03fab13ff3f38aa932be065 Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Wed, 28 Jan 2026 00:35:28 +0100 Subject: lib: Fix OpenSSL includes and explicit_bzero on OSX The include headers and NIDs are different on macOS X. It also doesn't have explicit_bzero. The crypt.h includes are now guarded to work on OS X (trying to avoid the includes by defining the OpenSSL mac header guard led to a whole list of other issues). The explicit zero'ing of buffers temporarily holding secrets has now been abstracted in a crypt_secure_clear() function defaulting to OpenSSL_cleanse, explicit_bzero (if present) or a best-effort option using a volatile pointer. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders
---
src/lib/crypt.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'src/lib/crypt.c')
diff --git a/src/lib/crypt.c b/src/lib/crypt.c
index fdbae776..38dd9f29 100644
--- a/src/lib/crypt.c
+++ b/src/lib/crypt.c
@@ -1064,3 +1064,24 @@ void crypt_secure_free(void * ptr,
 free(ptr);
 #endif
 }
+
+void crypt_secure_clear(void * ptr,
+ size_t size)
+{
+ volatile uint8_t * p;
+
+ if (ptr == NULL)
+ return;
+
+#ifdef HAVE_OPENSSL
+ (void) p;
+ openssl_secure_clear(ptr, size);
+#elif defined(HAVE_EXPLICIT_BZERO)
+ (void) p;
+ explicit_bzero(ptr, size);
+#else /* best effort to avoid optimizing out */
+ p = ptr;
+ while (size-- > 0)
+ *p++ = 0;
+#endif
+}
-- cgit v1.2.3
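Review bot: The `#else` fallback in crypt_secure_clear() is the only branch whose zeroing is not backed by a library guarantee, and the comment `/* best effort to avoid optimizing out */` does not tell callers how weak that is. Writes through a `volatile uint8_t *` to an object that is not itself volatile are kept by current GCC and Clang, but that is compiler behaviour rather than a documented contract. On those compilers I would follow the loop with a barrier such as `__asm__ __volatile__("" : : "r"(ptr) : "memory");`, and prefer `memset_s` where a build-time check finds it. Separately, `(void) p;` in the two library branches evaluates an uninitialised pointer only to silence an unused-variable warning; declaring `volatile uint8_t * p = ptr;` inside a block in the fallback branch would remove both casts. A short header comment stating that `size` bytes at `ptr` are overwritten with zeros and that a NULL `ptr` is a no-op would also help callers that clear key material.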