From 4daca637340e033c2d7fb2043b050a2977ec6182 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 24 Feb 2023 17:43:00 +0000 Subject: [PATCH] Documentation Signed-off-by: Dave Rodgman --- library/platform_util.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/library/platform_util.c b/library/platform_util.c index 47feb645a5..60b77e84e8 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -56,7 +56,12 @@ #if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT) /* - * This implementation should never be optimized out by the compiler + * Where possible, we try to detect the presence of a platform-provided + * secure memset, such as explicit_bzero(), that is safe against being optimized + * out, and use that. + * + * For other platforms, we provide an implementation that aims not to be + * optimized out by the compiler. * * This implementation for mbedtls_platform_zeroize() was inspired from Colin * Percival's blog article at: @@ -71,11 +76,11 @@ * (refer to http://www.daemonology.net/blog/2014-09-05-erratum.html for * details), optimizations of the following form are still possible: * - * if( memset_func != memset ) - * memset_func( buf, 0, len ); + * if(memset_func != memset) + * memset_func(buf, 0, len); * * Note that it is extremely difficult to guarantee that - * mbedtls_platform_zeroize() will not be optimized out by aggressive compilers + * the memset() call will not be optimized out by aggressive compilers * in a portable way. For this reason, Mbed TLS also provides the configuration * option MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure * mbedtls_platform_zeroize() to use a suitable implementation for their