Import the #'clear-string API from GNU, use it in tls.c src/ChangeLog addition: 2015-04-18 Aidan Kehoe <kehoea@parhasard.net> * sequence.c (Fclear_string): New, API from GNU. Zero a string's contents, making sure the text is not kept around even when the string's data is reallocated because of a changed character length. * sequence.c (syms_of_sequence): Make it available to Lisp. * lisp.h: Make it available to C code. * tls.c (nss_pk11_password): Use it. * tls.c (gnutls_pk11_password): Use it. * tls.c (openssl_password): Use it. tests/ChangeLog addition: 2015-04-18 Aidan Kehoe <kehoea@parhasard.net> * automated/lisp-tests.el: Test #'clear-string, just added. Unfortunately there's no way to be certain from Lisp that the old password data has been erased after realloc; it may be worth adding a test to tests.c, but *we'll be reading memory we shouldn't be*, so that gives me pause.