Add missing zeroization of reassembled handshake messages
This commit ensures that buffers holding fragmented or
handshake messages get zeroized before they are freed
when the respective handshake message is no longer needed.
Previously, the handshake message content would leak on
the heap.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8091795..00ae9fc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3212,6 +3212,7 @@
memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen );
+ mbedtls_zeroize( ssl->handshake->hs_msg, ssl->in_hslen );
mbedtls_free( ssl->handshake->hs_msg );
ssl->handshake->hs_msg = NULL;
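Review bot: The added `mbedtls_zeroize` call is sized by `ssl->in_hslen`, the message length, rather than by the size `hs_msg` was allocated with, so the whole buffer is cleared only if the two are equal. The allocation is not visible in this hunk; if it is larger than the message (for instance because reassembly state is stored after it), the tail is freed unwiped, and wiping the full allocated length would be the safer choice. The wipe also covers only this one free site, so any other path that frees `hs_msg`, such as handshake teardown after an aborted or failed handshake, should be checked for the same treatment. A short comment above the call would record the intent, e.g. `/* Wipe the reassembled message so its content does not linger on the heap after free */`. The enclosing function starts and ends outside the hunk, and the hunk shows fewer lines than its header declares, so this is based on the four visible lines only.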