Securely zeroize a buffer.
The function is meant to wipe the data contained in a buffer so
that it can no longer be recovered even if the program memory
is later compromised. Call this function on sensitive data
stored on the stack before returning from a function, and on
sensitive data stored on the heap before freeing the heap
object.
It is extremely difficult to guarantee that calls to
mbedtls_platform_zeroize() are not removed by aggressive
compiler optimizations in a portable way. For this reason, Mbed
TLS provides the configuration option
MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
mbedtls_platform_zeroize() to use a suitable implementation for
their platform and needs
- Parameters
-
buf | Buffer to be zeroized |
len | Length of the buffer in bytes |