replace memset by secure_erase

embetrix · Jan 9, 2025 · 84983b8 · 84983b8
1 parent 303b3e9
commit 84983b8
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/stm32mp-sign-tool.cpp b/stm32mp-sign-tool.cpp
@@ -88,6 +88,17 @@ void print_hex(const std::string& label, const std::vector<unsigned char>& data)
     std::cout << std::dec << std::endl;
 }
 
+void secure_erase(void* ptr, size_t len) {
+    if (!ptr || len == 0) {
+        return;
+    }
+    // Write via volatile pointer
+    volatile unsigned char* p = static_cast<volatile unsigned char*>(ptr);
+    while (len--) {
+        *p++ = 0;
+    }
+}
+
 int get_ec_pubkey(const unsigned char* pubkey, size_t pubkey_len, uint32_t algo, EC_KEY** ec_key) {
     if (!pubkey) {
         std::cerr << "Public key is empty" << std::endl;
@@ -562,12 +573,12 @@ int main(int argc, char* argv[]) {
 
     // Securely erase the passphrase
     if (passphrase) {
-        std::memset(static_cast<void*>(const_cast<char*>(passphrase)), 0, std::strlen(passphrase));
+        secure_erase(static_cast<void*>(const_cast<char*>(passphrase)), std::strlen(passphrase));
     }
 
     // Securely erase the key_desc in case it's a pkcs11 uri with pin
     if (key_desc) {
-        std::memset(static_cast<void*>(const_cast<char*>(key_desc)), 0, std::strlen(key_desc));
+        secure_erase(static_cast<void*>(const_cast<char*>(key_desc)), std::strlen(key_desc));
     }
 
     return 0;