commit f55182d2bf1ede94f716697f8672e5156e6f761d
author Dave Rodgman <dave.rodgman@arm.com> Fri Feb 24 17:42:43 2023 +0000
committer Dave Rodgman <dave.rodgman@arm.com> Fri Feb 24 17:42:43 2023 +0000
tree f9af303245ea3588bcf93041a0da2df287dbffdf
parent a3b625b0a1139fe0b81c4b0a0b644473c94c5646

Use platform-provided secure zeroization call

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

library/platform_util.c

diff --git a/library/platform_util.c b/library/platform_util.c
index f935b90..47feb64 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -33,8 +33,27 @@
 #include "mbedtls/threading.h"
 
 #include <stddef.h>
+
+#ifndef __STDC_WANT_LIB_EXT1__
+#define __STDC_WANT_LIB_EXT1__ 1
+#endif
 #include <string.h>
 
+#if defined(_WIN32)
+#include <Windows.h>
+#endif
+
+// Detect platforms known to support explicit_bzero()
+#if defined(__GLIBC__) && (__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 25)
+#define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1
+#endif
+#if defined(__FreeBSD__) && __FreeBSD_version >= 1100037
+#define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1
+#endif
+#if defined(__NEWLIB__)
+#define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1
+#endif
+
 #if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
 /*
  * This implementation should never be optimized out by the compiler
@@ -69,7 +88,15 @@
     MBEDTLS_INTERNAL_VALIDATE(len == 0 || buf != NULL);
 
     if (len > 0) {
+#if defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO)
+        explicit_bzero(buf, len);
+#elif(__STDC_LIB_EXT1__)
+        memset_s(buf, len, 0, len);
+#elif defined(_WIN32)
+        SecureZeroMemory(buf, len);
+#else
         memset_func(buf, 0, len);
+#endif
     }
 }
 #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */