+
+#ifndef PLATFORM_HAS_SMEMCLR
+/*
+ * Securely wipe memory.
+ *
+ * The actual wiping is no different from what memset would do: the
+ * point of 'securely' is to try to be sure over-clever compilers
+ * won't optimise away memsets on variables that are about to be freed
+ * or go out of scope. See
+ * https://buildsecurityin.us-cert.gov/bsi-rules/home/g1/771-BSI.html
+ *
+ * Some platforms (e.g. Windows) may provide their own version of this
+ * function.
+ */
+void smemclr(void *b, size_t n) {
+ volatile char *vp;
+
+ if (b && n > 0) {
+ /*
+ * Zero out the memory.
+ */
+ memset(b, 0, n);
+
+ /*
+ * Perform a volatile access to the object, forcing the
+ * compiler to admit that the previous memset was important.
+ *
+ * This while loop should in practice run for zero iterations
+ * (since we know we just zeroed the object out), but in
+ * theory (as far as the compiler knows) it might range over
+ * the whole object. (If we had just written, say, '*vp =
+ * *vp;', a compiler could in principle have 'helpfully'
+ * optimised the memset into only zeroing out the first byte.
+ * This should be robust.)
+ */
+ vp = b;
+ while (*vp) vp++;
+ }
+}
+#endif