1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
// SPDX-License-Identifier: MIT
/*
* This is a function to zeroize a section of memory
*
* We do this because when we release a section of memory (either because it's
* a local variable going out of scope, or we free it), it's possible that
* the memory will retain its contents after another allocation (possibly
* done by someone outside this module). So, to avoid this potential security
* issue, we scrub the memory (at least, the parts that have data that would
* make it possible to forge if it leaked) before releasing it.
*
* Now, there's a bunch of things we don't mind being exposed (e.g. internal
* node values of Merkle trees), so we don't use this everywhere; only where
* it is needed
*
* We use this, rather than having routines simply call memset, to avoid
* potential problems with overenthusiastic optimizers. Generally, we zeroize
* an area immediately before it goes out of scope or we free it, however an
* optimizer might conclude "they're about to release the memory, there's no
* need to write to it first"
*
* For similar reasons, this function is in its own source file (so that a
* compiler optimizer who doesn't examine more than one source at a time can't
* eliminate it). If we are worried about optimizers who can be even more
* enthusiastic, there are other things we can try; however we're not going to
* worry about that right now
*/
void