1 /* Copyright (c) (2014-2019,2021) Apple Inc. All rights reserved.
2 *
3 * corecrypto is licensed under Apple Inc.’s Internal Use License Agreement (which
4 * is contained in the License.txt file distributed with corecrypto) and only to
5 * people who accept that license. IMPORTANT: Any license rights granted to you by
6 * Apple Inc. (if any) are limited to internal use within your organization only on
7 * devices and computers you own or control, for the sole purpose of verifying the
8 * security characteristics and correct functioning of the Apple Software. You may
9 * not, directly or indirectly, redistribute the Apple Software or any portions thereof.
10 *
11 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
12 *
13 * This file contains Original Code and/or Modifications of Original Code
14 * as defined in and that are subject to the Apple Public Source License
15 * Version 2.0 (the 'License'). You may not use this file except in
16 * compliance with the License. The rights granted to you under the License
17 * may not be used to create, or enable the creation or redistribution of,
18 * unlawful or unlicensed copies of an Apple operating system, or to
19 * circumvent, violate, or enable the circumvention or violation of, any
20 * terms of an Apple operating system software license agreement.
21 *
22 * Please obtain a copy of the License at
23 * http://www.opensource.apple.com/apsl/ and read it before using this file.
24 *
25 * The Original Code and all software distributed under the License are
26 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
27 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
28 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
29 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
30 * Please see the License for the specific language governing rights and
31 * limitations under the License.
32 *
33 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
34 */
35
36 #include "cc_internal.h"
37 #include <corecrypto/cc.h>
38 #include <corecrypto/cc_config.h>
39 #include "fipspost_trace.h"
40
41 #if CC_HAS_SECUREZEROMEMORY
42 #include <windows.h>
43 #endif
44
45 #if !(CC_HAS_MEMSET_S || CC_HAS_SECUREZEROMEMORY || CC_HAS_EXPLICIT_BZERO)
46 /*
47 * Pointer to memset is volatile so that the compiler must dereference
48 * it and can't assume it points to any function in particular
49 * (such as memset, which it then might further "optimize").
50 */
51 static void* (*const volatile memset_ptr)(void*, int, size_t) = memset;
52 #endif
53
54 void
cc_clear(size_t len,void * dst)55 cc_clear(size_t len, void *dst)
56 {
57 CC_ENSURE_DIT_ENABLED
58
59 FIPSPOST_TRACE_EVENT;
60
61 #if CC_HAS_MEMSET_S
62 memset_s(dst, len, 0, len);
63 #elif CC_HAS_SECUREZEROMEMORY
64 SecureZeroMemory(dst, len);
65 #elif CC_HAS_EXPLICIT_BZERO
66 explicit_bzero(dst, len);
67 #else
68 (memset_ptr)(dst, 0, len);
69
70 /* One more safeguard, should all hell break loose - a memory barrier.
71 * The volatile function pointer _should_ work, but compilers are by
72 * spec allowed to load `memset_ptr` into a register and skip the
73 * call if `memset_ptr == memset`. However, too many systems rely
74 * on such behavior for compilers to try and optimize it. */
75 __asm__ __volatile__ ("" : : "r"(dst) : "memory");
76 #endif
77 }
78