memory: Use explicit_bzero() as memwipe() if available

configure.ac

@@ -650,7 +650,7 @@ AC_CHECK_FUNC(
 )
 
 AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r)
-AC_CHECK_FUNCS(fmemopen funopen mmap memrchr setlinebuf strptime dirfd sigwaitinfo)
+AC_CHECK_FUNCS(fmemopen funopen mmap memrchr setlinebuf strptime dirfd sigwaitinfo explicit_bzero)
 
 AC_CHECK_FUNC([syslog], [
 	AC_DEFINE([HAVE_SYSLOG], [], [have syslog(3) and friends])

src/libstrongswan/utils/utils/memory.c

@@ -60,6 +60,7 @@ void memxor(uint8_t dst[], const uint8_t src[], size_t n)
 	}
 }
 
+#ifndef HAVE_EXPLICIT_BZERO
 /**
  * Described in header.
  */
@@ -67,6 +68,7 @@ void memwipe_noinline(void *ptr, size_t n)
 {
 	memwipe_inline(ptr, n);
 }
+#endif /* HAVE_EXPLICIT_BZERO */
 
 /**
  * Described in header.

src/libstrongswan/utils/utils/memory.h

@@ -22,6 +22,10 @@
 #ifndef MEMORY_H_
 #define MEMORY_H_
 
+#ifdef HAVE_EXPLICIT_BZERO
+#include <string.h>
+#endif
+
 /**
  * Helper function that compares two binary blobs for equality
  */
@@ -82,6 +86,9 @@ static inline void *memset_noop(void *s, int c, size_t n)
  */
 void memxor(uint8_t dest[], const uint8_t src[], size_t n);
 
+#ifdef HAVE_EXPLICIT_BZERO
+#define memwipe(ptr, n) explicit_bzero(ptr, n)
+#else /* HAVE_EXPLICIT_BZERO */
 /**
  * Safely overwrite n bytes of memory at ptr with zero, non-inlining variant.
  */
@@ -133,6 +140,7 @@ static inline void memwipe(void *ptr, size_t n)
 		memwipe_noinline(ptr, n);
 	}
 }
+#endif /* HAVE_EXPLICIT_BZERO */
 
 /**
  * A variant of strstr with the characteristics of memchr, where haystack is not