Zeroize old psk buf when changing value in ssl_tls

commit: a00498819f16f2d4970e598537791fb05f28ebe2 [log] [tgz]
author: Andres Amaya Garcia <andres.amayagarcia@arm.com> Mon Jun 26 11:35:17 2017 +0100
committer: Andres Amaya Garcia <andres.amayagarcia@arm.com> Mon Jun 26 11:35:17 2017 +0100
tree: 72921debf065dd470f7e76e315c2e0505925bfcc
parent: 7351e124108f048c1fd526c5189f2945ad750bcf [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 661ae70..9b5fccb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -6051,6 +6051,7 @@
 
     if( conf->psk != NULL || conf->psk_identity != NULL )
     {
+        mbedtls_zeroize( conf->psk, conf->psk_len );
         mbedtls_free( conf->psk );
         mbedtls_free( conf->psk_identity );
         conf->psk = NULL;
@@ -6086,7 +6087,10 @@
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
     if( ssl->handshake->psk != NULL )
+    {
+        mbedtls_zeroize( ssl->handshake->psk, ssl->handshake->psk_len );
         mbedtls_free( ssl->handshake->psk );
+    }
 
     if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
         return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
commit	a00498819f16f2d4970e598537791fb05f28ebe2	[log] [tgz]
author	Andres Amaya Garcia <andres.amayagarcia@arm.com>	Mon Jun 26 11:35:17 2017 +0100
committer	Andres Amaya Garcia <andres.amayagarcia@arm.com>	Mon Jun 26 11:35:17 2017 +0100
tree	72921debf065dd470f7e76e315c2e0505925bfcc
parent	7351e124108f048c1fd526c5189f2945ad750bcf [diff] [blame]