Introduce polarssl_zeroize() instead of memset() for zeroization
diff --git a/library/cipher.c b/library/cipher.c
index 4f76b48..794f34f 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -57,6 +57,11 @@
#define strcasecmp _stricmp
#endif
+/* Implementation that should never be optimized out by the compiler */
+static void polarssl_zeroize( void *v, size_t n ) {
+ volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
static int supported_init = 0;
const int *cipher_list( void )
@@ -152,6 +157,7 @@
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
+ polarssl_zeroize( ctx, sizeof(cipher_context_t) );
return 0;
}