Introduce polarssl_zeroize() instead of memset() for zeroization
diff --git a/library/bignum.c b/library/bignum.c
index eb0fb51..5f61d13 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -39,6 +39,11 @@
#include <stdlib.h>
+/* Implementation that should never be optimized out by the compiler */
+static void polarssl_zeroize( void *v, size_t n ) {
+ volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
#define ciL (sizeof(t_uint)) /* chars in limb */
#define biL (ciL << 3) /* bits in limb */
#define biH (ciL << 2) /* half limb size */
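Review bot: The comment above polarssl_zeroize() claims the wipe is never optimized out, but it does not say why memset() was insufficient or what the helper relies on. Something like `/* memset() right before free() is a dead store the compiler may drop; storing through a volatile-qualified pointer keeps the wipe */` would give the next maintainer the reason and warn against "simplifying" it back to memset(). In the body, the declaration and the loop share one line; moving `while( n-- ) *p++ = 0;` onto its own line would make the volatile store easier to spot in review. Because the helper is `static`, any other library file that wipes key material will presumably need its own copy, so it is worth noting which definition is canonical so the copies stay identical. The call sites in the two later hunks pass `X->n * ciL`, the same length the replaced memset() calls used, so this applies only to the helper.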
@@ -72,7 +77,7 @@
if( X->p != NULL )
{
- memset( X->p, 0, X->n * ciL );
+ polarssl_zeroize( X->p, X->n * ciL );
free( X->p );
}
@@ -101,7 +106,7 @@
if( X->p != NULL )
{
memcpy( p, X->p, X->n * ciL );
- memset( X->p, 0, X->n * ciL );
+ polarssl_zeroize( X->p, X->n * ciL );
free( X->p );
}