Update docs for MBEDTLS_PLATFORM_ZEROIZE_ALT in config.h

Andres Amaya Garcia 2018-04-17 10:21:45 -05:00
parent 3ea559ea6c
commit c58787f507


@ -2853,25 +2853,26 @@
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
/** /**
* \def MBEDTLS_UTILS_ZEROIZE_ALT * \def MBEDTLS_PLATFORM_ZEROIZE_ALT
* *
* Uncomment the macro to let mbed TLS use your alternate implementation of * Uncomment the macro to let mbed TLS use your alternate implementation of
* mbedtls_zeroize(). This replaces the default implementation in utils.c. * mbedtls_platform_zeroize(). This replaces the default implementation in
* platform_util.c.
* *
* mbedtls_zeroize() is a widely used function across the library to zero a * mbedtls_platform_zeroize() is a widely used function across the library to
* block of memory. The implementation is expected to be secure in the sense * zero a block of memory. The implementation is expected to be secure in the
* that it has been written to prevent the compiler from removing calls to * sense that it has been written to prevent the compiler from removing calls
* mbedtls_zeroize() as part of redundant code elimination optimizations. * to mbedtls_platform_zeroize() as part of redundant code elimination
* However, it is difficult to guarantee that calls to mbedtls_zeroize() will * optimizations. However, it is difficult to guarantee that calls to
* not be optimized by the compiler as older versions of the C language * mbedtls_platform_zeroize() will not be optimized by the compiler as older
* standards do not provide a secure implementation of memset(). Therefore, * versions of the C language standards do not provide a secure implementation
* MBEDTLS_UTILS_ZEROIZE_ALT enables users to configure their own * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
* implementation of mbedtls_zeroize(), for example by using directives * configure their own implementation of mbedtls_platform_zeroize(), for
* specific to their compiler, features from the C standard (e.g using * example by using directives specific to their compiler, features from the C
* memset_s() in C11) or calling a secure memset() from their system (e.g * standard (e.g using memset_s() in C11) or calling a secure memset() from
* explicit_bzero() in BSD). * their system (e.g explicit_bzero() in BSD).
*/ */
//#define MBEDTLS_UTILS_ZEROIZE_ALT //#define MBEDTLS_PLATFORM_ZEROIZE_ALT
/* \} name SECTION: Customisation configuration options */ /* \} name SECTION: Customisation configuration options */
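Review bot: The rewritten comment still offers `memset_s()` "in C11" as a ready option, but that function belongs to the optional Annex K and is only declared when the implementation defines `__STDC_LIB_EXT1__` and the user defines `__STDC_WANT_LIB_EXT1__` before including `<string.h>`; I would word it as `memset_s() from C11 Annex K, where the toolchain provides it`. The comment also never states the prototype a replacement must match, so a line such as `* The replacement must have the signature void mbedtls_platform_zeroize( void *buf, size_t len ).` would help (confirm against platform_util.h, which is not part of this hunk). Separately, the option is renamed from MBEDTLS_UTILS_ZEROIZE_ALT to MBEDTLS_PLATFORM_ZEROIZE_ALT: if the old name was ever shipped, a configuration that still defines it would presumably fall back to the default zeroize with no diagnostic, so a compile-time `#error` on the old name is worth considering.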