Demonstrate safe usage (zeroize) in ssl_client2
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 317fea3..1fc86c5 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2459,8 +2459,12 @@
if( opt.reco_mode == 1 )
{
/* free any previously saved data */
- mbedtls_free( session_data );
- session_data = NULL;
+ if( session_data != NULL )
+ {
+ mbedtls_platform_zeroize( session_data, session_data_len );
+ mbedtls_free( session_data );
+ session_data = NULL;
+ }
/* get size of the buffer needed */
mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
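Review bot: The wipe at `mbedtls_platform_zeroize( session_data, session_data_len )` is only correct while `session_data_len` still equals the size of the buffer `session_data` points to, and nothing in the hunk states that invariant. The `mbedtls_ssl_session_save(` call that begins on the last line of the hunk continues outside it and presumably rewrites that same length variable. Any path that updated the length without reallocating would make a later wipe too short (leaving serialized session secrets in freed heap memory) or too long (writing past the allocation). I would add a comment above the wipe, `/* session_data_len must always be the allocated size of session_data: the serialized session holds key material and is wiped in full before free */`; the same invariant covers the exit-path wipe in the second hunk. The enclosing function starts and ends outside the hunk.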
@@ -3024,6 +3028,8 @@
mbedtls_ssl_config_free( &conf );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
+ if( session_data != NULL )
+ mbedtls_platform_zeroize( session_data, session_data_len );
mbedtls_free( session_data );
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) && \
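Review bot: The added `if( session_data != NULL )` in the exit path has an unbraced body, while the identical guard in the reconnect hunk is braced. Since `mbedtls_free( session_data );` follows directly, a statement added under the `if` later could silently fall outside the guard. I would write it as `if( session_data != NULL )` / `{ mbedtls_platform_zeroize( session_data, session_data_len ); }` so both wipe sites read the same way. Because this program is meant as a usage example, a short comment such as `/* wipe serialized session before releasing it */` would also tell readers why the free is preceded by a wipe. The cleanup sequence continues outside the hunk.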