
mbedTLS: memset vs hash_zeroize

Moemen
Associate

Hello!

This function was defined and used instead of memset to reset mbedtls's sha256 context. Is there a good reason behind this choice?

https://github.com/STMicroelectronics/STM32CubeH7/blob/master/Middlewares/Third_Party/mbedTLS/library/templates/hash_stm32.c  

/* Implementation that should never be optimized out by the compiler */
void hash_zeroize( void *v, size_t n )
{
    volatile unsigned char *p = (unsigned char *)v;
    while (n--)
    {
        *p++ = 0;
    }
}

 

TDK
Super User

By assigning to a volatile pointer, this ensures the code is not optimized out. Otherwise, if the operation has no effect, it can be optimized away.

If this resets bytes such as a hash or password or other sensitive information that you want to protect from other parts of the code and ensure are no longer in memory, it is imperative that the operation actually take place.

If you feel a post has answered your question, please click "Accept as Solution".
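
Added example, not part of the original thread or of the ST / Mbed TLS sources: it sets a plain memset wipe of a local scratch buffer beside the volatile-store wipe that hash_zeroize uses. The names zeroize_volatile, mix, digest_weak, digest_wiped and residue_after_wipe are hypothetical, and mix is a constructed stand-in for a real hash.

```c
#include <stdio.h>
#include <string.h>

/* Same technique as hash_zeroize: every store goes through a volatile lvalue. */
void zeroize_volatile(void *v, size_t n) {
    volatile unsigned char *p = (volatile unsigned char *)v;
    while (n--) *p++ = 0;
}

/* Constructed stand-in for a hash: fills buf with secret-dependent bytes. */
unsigned mix(unsigned char *buf, size_t n, const char *secret) {
    unsigned acc = 0;
    size_t len = strlen(secret) + 1;          /* NUL included, so len >= 1 */
    for (size_t i = 0; i < n; i++)
        acc = acc * 33u + (buf[i] = (unsigned char)(secret[i % len] ^ (i + 1)));
    return acc;
}

/* Weak: scratch is never read after memset, so the call is a dead store that
   an optimizer may delete. Compare both functions in `cc -O2 -S` output. */
unsigned digest_weak(const char *secret) {
    unsigned char scratch[32];
    unsigned r = mix(scratch, sizeof scratch, secret);
    memset(scratch, 0, sizeof scratch);
    return r;
}

/* Hardened: compilers treat stores through a volatile lvalue as side effects. */
unsigned digest_wiped(const char *secret) {
    unsigned char scratch[32];
    unsigned r = mix(scratch, sizeof scratch, secret);
    zeroize_volatile(scratch, sizeof scratch);
    return r;
}

/* Number of non-zero bytes left in a filled buffer after the volatile wipe. */
size_t residue_after_wipe(void) {
    unsigned char buf[32];
    size_t left = 0;
    mix(buf, sizeof buf, "constructed-secret");
    zeroize_volatile(buf, sizeof buf);
    for (size_t i = 0; i < sizeof buf; i++) left += (buf[i] != 0);
    return left;
}

int main(void) {
    printf("same digest: %d, residue: %zu\n",
           digest_weak("k") == digest_wiped("k"), residue_after_wipe());
    return 0;
}
```

Both digest functions return the same value at any optimization level; the difference only shows in the generated code, where the memset in digest_weak may be absent while the zeroing loop in digest_wiped remains.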