use memwipe in a few relevant places

src/common/password.cpp

@@ -46,6 +46,8 @@
   #include "readline_buffer.h"
 #endif
 
+#include "common/memwipe.h"
+
 namespace
 {
 #if defined(_WIN32)
@@ -163,8 +165,9 @@ namespace
 
   void clear(std::string& pass) noexcept
   {
-    //! TODO Call a memory wipe function that hopefully is not optimized out
+    // technically, the std::string documentation says the data should not be modified,
-    pass.replace(0, pass.capacity(), pass.capacity(), '\0');
+    // but there seems to be no way to get a non const raw pointer to the data
+    memwipe((void*)pass.data(), pass.size());
     pass.clear();
   }
 

src/crypto/chacha8.h

@@ -39,6 +39,7 @@
 #if defined(__cplusplus)
 #include <memory.h>
 
+#include "common/memwipe.h"
 #include "hash.h"
 
 namespace crypto {
@@ -54,7 +55,7 @@ namespace crypto {
 
     ~chacha8_key()
     {
-      memset(data, 0, sizeof(data));
+      memwipe(data, sizeof(data));
     }
   };
 
@@ -75,7 +76,7 @@ namespace crypto {
     char pwd_hash[HASH_SIZE];
     crypto::cn_slow_hash(data, size, pwd_hash);
     memcpy(&key, pwd_hash, sizeof(key));
-    memset(pwd_hash, 0, sizeof(pwd_hash));
+    memwipe(pwd_hash, sizeof(pwd_hash));
   }
 
   inline void generate_chacha8_key(std::string password, chacha8_key& key) {