From: Kirill Isakov <bootctl@gmail.com>
Date: Fri, 22 Apr 2022 12:33:52 +0000 (+0600)
Subject: Wipe (some) secrets from memory after use
X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=c44b08613508c993e7fd9f625e0b1b4775efffed;hp=c44b08613508c993e7fd9f625e0b1b4775efffed;p=tinc

Wipe (some) secrets from memory after use

to lessen the amount of sensitive information ending up in swap, core
dumps, or in the hands of any remote attackers.

While there still remaings a lot interesting data in configuration trees,
connection_t structs, etc, this is considered a good practice nevertheless.

Some bedtime reading:

- http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html
- http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html
- https://github.com/jedisct1/libsodium/blob/be58b2e6664389d9c7993b55291402934b43b3ca/src/libsodium/sodium/utils.c#L78:L101
---