+// Zero out a block of memory containing sensitive information using whatever secure
+// erase function is available on the platform (or an unreliable fallback if none are).
+// The pointer must not be NULL. Length can be zero, in which case the call is a noop.
+static inline void memzero(void *buf, size_t buflen) ATTR_NONNULL;
+static inline void memzero(void *buf, size_t buflen) {
+ assert(buf);
+
+ if(!buflen) {
+ return;
+ }
+
+#if defined(HAVE_EXPLICIT_BZERO)
+ explicit_bzero(buf, buflen);
+#elif defined(HAVE_EXPLICIT_MEMSET)
+ explicit_memset(buf, 0, buflen);
+#elif defined(HAVE_MEMSET_S)
+ errno_t err = memset_s(buf, buflen, 0, buflen);
+ assert(err == 0);
+#elif defined(HAVE_WINDOWS)
+ SecureZeroMemory(buf, buflen);
+#else
+ volatile uint8_t *p = buf;
+
+ while(buflen--) {
+ *p++ = 0;
+ }
+