Allow compile-time alternate to mbedtls_zeroize()
Add a new macro MBEDTLS_UTILS_ZEROIZE that allows users to configure
mbedtls_zeroize() to an alternative definition when defined. If the
macro is not defined, then mbed TLS will use the default definition of
the function.
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 9585e69..8c35b86 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2852,6 +2852,14 @@
*/
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
+/**
+ * \def MBEDTLS_UTILS_ZEROIZE_ALT
+ *
+ * Uncomment the macro to let mbed TLS use your alternate implementation of
+ * mbedtls_zeroize().
+ */
+//#define MBEDTLS_UTILS_ZEROIZE_ALT
+
/* \} name SECTION: Customisation configuration options */
/* Target and application specific configurations */
diff --git a/library/utils.c b/library/utils.c
index f943cb1..3819558 100644
--- a/library/utils.c
+++ b/library/utils.c
@@ -19,10 +19,17 @@
* This file is part of mbed TLS (https://tls.mbed.org)
*/
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "mbedtls/utils.h"
#include <stddef.h>
+#if !defined(MBEDTLS_UTILS_ZEROIZE_ALT)
/* This implementation should never be optimized out by the compiler */
void mbedtls_zeroize( void *buf, size_t len )
{
@@ -31,3 +38,4 @@
while( len-- )
*p++ = 0;
}
+#endif /* MBEDTLS_UTILS_ZEROIZE_ALT */