Hello!
This function was defined and used instead of memset to reset mbedtls's sha256 context. Is there a good reason behind this choice?
/* Implementation that should never be optimized out by the compiler */
void hash_zeroize( void *v, size_t n )
{
volatile unsigned char *p = (unsigned char *)v;
while (n--)
{
*p++ = 0;
}
}
By assigning to a volatile pointer, this ensures the code is not optimized out. Otherwise, if the operation has no effect, it can be optimized away.
If this resets bytes such as a hash or password or other sensitive information that you want to protect from other parts of the code and ensure are no longer in memory, it is imperative that the operation actually take place.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.