Add FFI func botan_scrub_mem

3 files changed, 16 insertions, 0 deletions

diff --git a/src/lib/ffi/ffi.cpp b/src/lib/ffi/ffi.cpp
index 7e96e5514..46755ff54 100644
--- a/src/lib/ffi/ffi.cpp
+++ b/src/lib/ffi/ffi.cpp
@@ -393,6 +393,12 @@ int botan_same_mem(const uint8_t* x, const uint8_t* y, size_t len)
    return Botan::same_mem(x, y, len) ? 0 : -1;
    }
 
+int botan_scrub_mem(uint8_t* mem, size_t bytes)
+   {
+   Botan::secure_scrub_memory(mem, bytes);
+   return 0;
+   }
+
 int botan_hex_encode(const uint8_t* in, size_t len, char* out, uint32_t flags)
    {
    try
diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h
index 5ce86a9b0..d194c4794 100644
--- a/src/lib/ffi/ffi.h
+++ b/src/lib/ffi/ffi.h
@@ -147,6 +147,12 @@ doesn't exactly work well either!
 */
 BOTAN_DLL int botan_same_mem(const uint8_t* x, const uint8_t* y, size_t len);
 
+/**
+* Clear out memory using a system specific approach to bypass elision by the
+* compiler (currently using RtlSecureZeroMemory or tricks with volatile pointers).
+*/
+BOTAN_DLL int botan_scrub_mem(uint8_t* mem, size_t bytes);
+
 #define BOTAN_FFI_HEX_LOWER_CASE 1
 
 /**
diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp
index cf97dd947..0e238ab1e 100644
--- a/src/tests/test_ffi.cpp
+++ b/src/tests/test_ffi.cpp
@@ -51,6 +51,10 @@ class FFI_Unit_Tests : public Test
          TEST_FFI_RC(0, botan_same_mem, (mem1.data(), mem2.data(), mem1.size()));
          TEST_FFI_RC(-1, botan_same_mem, (mem1.data(), mem3.data(), mem1.size()));
 
+         std::vector<uint8_t> to_zero = { 0xFF, 0xA0 };
+         TEST_FFI_OK(botan_scrub_mem, (to_zero.data(), to_zero.size()));
+         result.confirm("scrub_memory zeros", to_zero[0] == 0 && to_zero[1] == 0);
+
          const std::vector<uint8_t> bin = { 0xAA, 0xDE, 0x01 };
          const char* input_str = "ABC";