Add ctr_drbg_free()
diff --git a/include/polarssl/ctr_drbg.h b/include/polarssl/ctr_drbg.h
index 4b5a444..bebbfe9 100644
--- a/include/polarssl/ctr_drbg.h
+++ b/include/polarssl/ctr_drbg.h
@@ -131,6 +131,13 @@
size_t len );
/**
+ * \brief Clear CTR_CRBG context data
+ *
+ * \param ctx CTR_DRBG context to clear
+ */
+void ctr_drbg_free( ctr_drbg_context *ctx );
+
+/**
* \brief Enable / disable prediction resistance (Default: Off)
*
* Note: If enabled, entropy is used for ctx->entropy_len before each call!
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 249b840..96ee4f1 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -48,6 +48,11 @@
#define polarssl_printf printf
#endif
+/* Implementation that should never be optimized out by the compiler */
+static void polarssl_zeroize( void *v, size_t n ) {
+ volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
/*
* Non-public function wrapped by ctr_crbg_init(). Necessary to allow NIST
* tests to succeed (which require known length fixed entropy)
@@ -95,6 +100,15 @@
CTR_DRBG_ENTROPY_LEN ) );
}
+void ctr_drbg_free( ctr_drbg_context *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ aes_free( &ctx->aes_ctx );
+ polarssl_zeroize( ctx, sizeof( ctr_drbg_context ) );
+}
+
void ctr_drbg_set_prediction_resistance( ctr_drbg_context *ctx, int resistance )
{
ctx->prediction_resistance = resistance;