Add the ability to verify mbedtls_platform_zeroize() calls with -Wsizeof-pointer-memaccess

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-01 09:53:42 +01:00 · 2023-09-01 09:53:42 +01:00 · 42b02a909c
commit 42b02a909c
parent 4f69668558
1 changed files with 21 additions and 0 deletions
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@ -167,7 +167,28 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
 * \param len   Length of the buffer in bytes
 *
 */
+#if defined(MBEDTLS_PLATFORM_ZEROIZE_CHECK_UNSAFE)
+#define MBEDTLS_PLATFORM_ZEROIZE_ALT
+#define mbedtls_platform_zeroize(buf, len) memset(buf, 0, len)
+#include <string.h>
+#else
 void mbedtls_platform_zeroize(void *buf, size_t len);
+#endif
+
+/* MBEDTLS_PLATFORM_ZEROIZE_CHECK_UNSAFE
+ *
+ * Replaces calls to mbedtls_platform_zeroize() with calls to memset(),
+ * to allow compiler analysis to check for invalid length arguments (e.g.
+ * specifying sizeof(pointer) rather than sizeof(pointee)).
+ *
+ * Note that this option is meant for internal use only and must not be used
+ * in production builds, because that would lead to zeroization calls being
+ * optimised out by the compiler.
+ *
+ * It is only intended to be used in CFLAGS, with -Wsizeof-pointer-memaccess,
+ * to check for those incorrect calls to mbedtls_platform_zeroize().
+ */
+//#define MBEDTLS_PLATFORM_ZEROIZE_CHECK_UNSAFE

 #if defined(MBEDTLS_HAVE_TIME_DATE)
 /**