| Andres Amaya Garcia | 904e1ef | 2018-04-17 09:16:30 -0500 | [diff] [blame] | 1 | /** |
| 2 | * \file platform_util.h |
| 3 | * |
| 4 | * \brief Common and shared functions used by multiple modules in the Mbed TLS |
| 5 | * library. |
| 6 | */ |
| 7 | /* |
| 8 | * Copyright (C) 2018, Arm Limited, All Rights Reserved |
| 9 | * SPDX-License-Identifier: Apache-2.0 |
| 10 | * |
| 11 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 12 | * not use this file except in compliance with the License. |
| 13 | * You may obtain a copy of the License at |
| 14 | * |
| 15 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 16 | * |
| 17 | * Unless required by applicable law or agreed to in writing, software |
| 18 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 19 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 20 | * See the License for the specific language governing permissions and |
| 21 | * limitations under the License. |
| 22 | * |
| 23 | * This file is part of Mbed TLS (https://tls.mbed.org) |
| 24 | */ |
| 25 | #ifndef MBEDTLS_PLATFORM_UTIL_H |
| 26 | #define MBEDTLS_PLATFORM_UTIL_H |
| 27 | |
| 28 | #include <stddef.h> |
| 29 | |
| 30 | #ifdef __cplusplus |
| 31 | extern "C" { |
| 32 | #endif |
| 33 | |
| 34 | /** |
| 35 | * \brief Securely zeroize a buffer |
| 36 | * |
| Andres Amaya Garcia | 56e06db | 2018-04-24 08:37:52 -0500 | [diff] [blame^] | 37 | * The function is meant to wipe the data contained in a buffer so |
| 38 | * that it can no longer be recovered even if the program memory |
| 39 | * is later compromised. Call this function on sensitive data |
| 40 | * stored on the stack before returning from a function, and on |
| 41 | * sensitive data stored on the heap before freeing the heap |
| 42 | * object. |
| Andres Amaya Garcia | 904e1ef | 2018-04-17 09:16:30 -0500 | [diff] [blame] | 43 | * |
| Andres Amaya Garcia | 56e06db | 2018-04-24 08:37:52 -0500 | [diff] [blame^] | 44 | * It is extremely difficult to guarantee that calls to |
| Andres Amaya Garcia | 904e1ef | 2018-04-17 09:16:30 -0500 | [diff] [blame] | 45 | * mbedtls_platform_zeroize() are not removed by aggressive |
| 46 | * compiler optimizations in a portable way. For this reason, Mbed |
| 47 | * TLS provides the configuration option |
| 48 | * MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure |
| 49 | * mbedtls_platform_zeroize() to use a suitable implementation for |
| 50 | * their platform and needs |
| Andres Amaya Garcia | 56e06db | 2018-04-24 08:37:52 -0500 | [diff] [blame^] | 51 | * |
| 52 | * \param buf Buffer to be zeroized |
| 53 | * \param len Length of the buffer in bytes |
| 54 | * |
| Andres Amaya Garcia | 904e1ef | 2018-04-17 09:16:30 -0500 | [diff] [blame] | 55 | */ |
| 56 | void mbedtls_platform_zeroize( void *buf, size_t len ); |
| 57 | |
| 58 | #ifdef __cplusplus |
| 59 | } |
| 60 | #endif |
| 61 | |
| 62 | #endif /* MBEDTLS_PLATFORM_UTIL_H */ |