xref: /xnu-10002.81.5/osfmk/corecrypto/cc_clear.c (revision 5e3eaea39dcf651e66cb99ba7d70e32cc4a99587)
1 /* Copyright (c) (2014-2019,2021) Apple Inc. All rights reserved.
2  *
3  * corecrypto is licensed under Apple Inc.’s Internal Use License Agreement (which
4  * is contained in the License.txt file distributed with corecrypto) and only to
5  * people who accept that license. IMPORTANT:  Any license rights granted to you by
6  * Apple Inc. (if any) are limited to internal use within your organization only on
7  * devices and computers you own or control, for the sole purpose of verifying the
8  * security characteristics and correct functioning of the Apple Software.  You may
9  * not, directly or indirectly, redistribute the Apple Software or any portions thereof.
10  *
11  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
12  *
13  * This file contains Original Code and/or Modifications of Original Code
14  * as defined in and that are subject to the Apple Public Source License
15  * Version 2.0 (the 'License'). You may not use this file except in
16  * compliance with the License. The rights granted to you under the License
17  * may not be used to create, or enable the creation or redistribution of,
18  * unlawful or unlicensed copies of an Apple operating system, or to
19  * circumvent, violate, or enable the circumvention or violation of, any
20  * terms of an Apple operating system software license agreement.
21  *
22  * Please obtain a copy of the License at
23  * http://www.opensource.apple.com/apsl/ and read it before using this file.
24  *
25  * The Original Code and all software distributed under the License are
26  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
27  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
28  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
29  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
30  * Please see the License for the specific language governing rights and
31  * limitations under the License.
32  *
33  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
34  */
35 
36 #include "cc_internal.h"
37 #include <corecrypto/cc.h>
38 #include <corecrypto/cc_config.h>
39 #include "fipspost_trace.h"
40 
41 #if CC_HAS_SECUREZEROMEMORY
42 #include <windows.h>
43 #endif
44 
45 #if !(CC_HAS_MEMSET_S || CC_HAS_SECUREZEROMEMORY || CC_HAS_EXPLICIT_BZERO)
46 /*
47  * Pointer to memset is volatile so that the compiler must dereference
48  * it and can't assume it points to any function in particular
49  * (such as memset, which it then might further "optimize").
50  */
51 static void* (*const volatile memset_ptr)(void*, int, size_t) = memset;
52 #endif
53 
54 void
cc_clear(size_t len,void * dst)55 cc_clear(size_t len, void *dst)
56 {
57 	CC_ENSURE_DIT_ENABLED
58 
59 	    FIPSPOST_TRACE_EVENT;
60 
61 #if CC_HAS_MEMSET_S
62 	memset_s(dst, len, 0, len);
63 #elif CC_HAS_SECUREZEROMEMORY
64 	SecureZeroMemory(dst, len);
65 #elif CC_HAS_EXPLICIT_BZERO
66 	explicit_bzero(dst, len);
67 #else
68 	(memset_ptr)(dst, 0, len);
69 
70 	/* One more safeguard, should all hell break loose - a memory barrier.
71 	 * The volatile function pointer _should_ work, but compilers are by
72 	 * spec allowed to load `memset_ptr` into a register and skip the
73 	 * call if `memset_ptr == memset`. However, too many systems rely
74 	 * on such behavior for compilers to try and optimize it. */
75 	__asm__ __volatile__ ("" : : "r"(dst) : "memory");
76 #endif
77 }
78