Demonstrate safe usage (zeroize) in ssl_client2
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index eae234e..49e3938 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1882,8 +1882,12 @@
if( opt.reco_mode == 1 )
{
/* free any previously saved data */
- mbedtls_free( session_data );
- session_data = NULL;
+ if( session_data != NULL )
+ {
+ mbedtls_platform_zeroize( session_data, session_data_len );
+ mbedtls_free( session_data );
+ session_data = NULL;
+ }
/* get size of the buffer needed */
mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
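Review bot: The wipe at `mbedtls_platform_zeroize( session_data, session_data_len )` is only correct while session_data_len still holds the size of the buffer being freed, and nothing in the hunk states that. It holds here because the wipe runs before the `mbedtls_ssl_session_save` size query below, which presumably overwrites session_data_len (the call's arguments are cut off by the hunk). The exit-path wipe in the second hunk depends on the same thing. I would record it in place of the existing comment, e.g. `/* wipe and free any previously saved data; must precede the size query, which overwrites session_data_len */`. The diff also adds no include, so it is worth confirming that ssl_client2.c already pulls in `mbedtls/platform_util.h` for the declaration.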
@@ -2441,6 +2445,8 @@
mbedtls_ssl_config_free( &conf );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
+ if( session_data != NULL )
+ mbedtls_platform_zeroize( session_data, session_data_len );
mbedtls_free( session_data );
#if defined(_WIN32)
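Review bot: The added `if( session_data != NULL )` on the exit path is unbraced, while the same guard in the first hunk is braced, and the following `mbedtls_free( session_data )` sits directly under it, so at a glance it reads as part of the condition. Writing it like the first hunk keeps the two wipe sites identical: `if( session_data != NULL ) { mbedtls_platform_zeroize( session_data, session_data_len ); mbedtls_free( session_data ); }`. Since this is a sample program that users copy from, a one-line comment such as `/* saved session contains secrets: wipe before freeing */` would make the reason for the extra step visible. The cleanup sequence starts and continues outside the hunk.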