Demonstrate safe usage (zeroize) in ssl_client2

commit: 4d591d6d3feabf0982dbf16b5773ccf770dfc1da [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Fri May 24 10:26:41 2019 +0200
committer: Jarno Lamsa <jarno.lamsa@arm.com> Fri Aug 23 12:48:41 2019 +0300
tree: d05c400b6c07ef87a0e5f4e090df141ec8c51b55
parent: 6472263eade048c65973e77f3afea2ed3dcbcca5 [diff]
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 317fea3..1fc86c5 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c

@@ -2459,8 +2459,12 @@
         if( opt.reco_mode == 1 )
         {
             /* free any previously saved data */
-            mbedtls_free( session_data );
-            session_data = NULL;
+            if( session_data != NULL )
+            {
+                mbedtls_platform_zeroize( session_data, session_data_len );
+                mbedtls_free( session_data );
+                session_data = NULL;
+            }
 
             /* get size of the buffer needed */
             mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
@@ -3024,6 +3028,8 @@
     mbedtls_ssl_config_free( &conf );
     mbedtls_ctr_drbg_free( &ctr_drbg );
     mbedtls_entropy_free( &entropy );
+    if( session_data != NULL )
+        mbedtls_platform_zeroize( session_data, session_data_len );
     mbedtls_free( session_data );
 
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) && \
commit	4d591d6d3feabf0982dbf16b5773ccf770dfc1da	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Fri May 24 10:26:41 2019 +0200
committer	Jarno Lamsa <jarno.lamsa@arm.com>	Fri Aug 23 12:48:41 2019 +0300
tree	d05c400b6c07ef87a0e5f4e090df141ec8c51b55
parent	6472263eade048c65973e77f3afea2ed3dcbcca5 [diff]