Core: ngx_explicit_memzero().
diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
index 2ee07bf..04980f8 100644
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -2013,6 +2013,14 @@
}
+void
+ngx_explicit_memzero(void *buf, size_t n)
+{
+ ngx_memzero(buf, n);
+ ngx_memory_barrier();
+}
+
+
#if (NGX_MEMCPY_LIMIT)
void *
diff --git a/src/core/ngx_string.h b/src/core/ngx_string.h
index 882ae7c..0fb9be7 100644
--- a/src/core/ngx_string.h
+++ b/src/core/ngx_string.h
@@ -88,6 +88,8 @@
#define ngx_memzero(buf, n) (void) memset(buf, 0, n)
#define ngx_memset(buf, c, n) (void) memset(buf, c, n)
+void ngx_explicit_memzero(void *buf, size_t n);
+
#if (NGX_MEMCPY_LIMIT)
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 2c384a4..a281fba 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1051,7 +1051,7 @@
ngx_close_file_n " \"%s\" failed", file->data);
}
- ngx_memzero(buf, NGX_SSL_PASSWORD_BUFFER_SIZE);
+ ngx_explicit_memzero(buf, NGX_SSL_PASSWORD_BUFFER_SIZE);
return passwords;
}
@@ -1068,7 +1068,7 @@
pwd = passwords->elts;
for (i = 0; i < passwords->nelts; i++) {
- ngx_memzero(pwd[i].data, pwd[i].len);
+ ngx_explicit_memzero(pwd[i].data, pwd[i].len);
}
}
