Introduce polarssl_zeroize() instead of memset() for zeroization

commit: 346177255931fb1e3514e124a1f598715a5fe92d [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Fri Jun 13 17:20:13 2014 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Sat Jun 14 16:46:03 2014 +0200
tree: da658994944be861b8b2a1001c9b759976276891
parent: bbcb1ce7030575d708700ca205800e847d846402 [diff] [blame]
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 7121d7b..19c33a7 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -55,6 +55,13 @@
 #include <time.h>
 #endif
 
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+/* Implementation that should never be optimized out by the compiler */
+static void polarssl_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+#endif
+
 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
 static void ssl_write_hostname_ext( ssl_context *ssl,
                                     unsigned char *buf,
@@ -2466,6 +2473,8 @@
     if( ticket_len == 0)
         return( 0 );
 
+    polarssl_zeroize( ssl->session_negotiate->ticket,
+                      ssl->session_negotiate->ticket_len );
     polarssl_free( ssl->session_negotiate->ticket );
     ssl->session_negotiate->ticket = NULL;
     ssl->session_negotiate->ticket_len = 0;
commit	346177255931fb1e3514e124a1f598715a5fe92d	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Fri Jun 13 17:20:13 2014 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Sat Jun 14 16:46:03 2014 +0200
tree	da658994944be861b8b2a1001c9b759976276891
parent	bbcb1ce7030575d708700ca205800e847d846402 [diff] [blame]