Set PEM buffer to zero before freeing it Set PEM buffer to zero before freeing it, to avoid private keys being leaked to memory after releasing it.

commit: 31162e44239cb1f70b220a96163400e5775ec1d2 [log] [tgz]
author: Ron Eldor <Ron.Eldor@arm.com> Tue Sep 05 15:34:35 2017 +0300
committer: Ron Eldor <Ron.Eldor@arm.com> Tue Sep 05 15:34:35 2017 +0300
tree: 5255d6277eff343c0331f57c785753e96a6d3dc3
parent: 72ea31b026e1fc61b01662474aa5125817b968bc [diff]
diff --git a/library/pem.c b/library/pem.c
index 8dd86a4..4c23373 100644
--- a/library/pem.c
+++ b/library/pem.c

@@ -387,6 +387,7 @@
 
 void mbedtls_pem_free( mbedtls_pem_context *ctx )
 {
+    memset( ctx->buf, 0, ctx->buflen );
     mbedtls_free( ctx->buf );
     mbedtls_free( ctx->info );
commit	31162e44239cb1f70b220a96163400e5775ec1d2	[log] [tgz]
author	Ron Eldor <Ron.Eldor@arm.com>	Tue Sep 05 15:34:35 2017 +0300
committer	Ron Eldor <Ron.Eldor@arm.com>	Tue Sep 05 15:34:35 2017 +0300
tree	5255d6277eff343c0331f57c785753e96a6d3dc3
parent	72ea31b026e1fc61b01662474aa5125817b968bc [diff]