From 4d591d6d3feabf0982dbf16b5773ccf770dfc1da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Fri, 24 May 2019 10:26:41 +0200
Subject: [PATCH] Demonstrate safe usage (zeroize) in ssl_client2

---
 programs/ssl/ssl_client2.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 317fea373..1fc86c5d7 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2459,8 +2459,12 @@ int main( int argc, char *argv[] )
         if( opt.reco_mode == 1 )
         {
             /* free any previously saved data */
-            mbedtls_free( session_data );
-            session_data = NULL;
+            if( session_data != NULL )
+            {
+                mbedtls_platform_zeroize( session_data, session_data_len );
+                mbedtls_free( session_data );
+                session_data = NULL;
+            }
 
             /* get size of the buffer needed */
             mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
@@ -3024,6 +3028,8 @@ exit:
     mbedtls_ssl_config_free( &conf );
     mbedtls_ctr_drbg_free( &ctr_drbg );
     mbedtls_entropy_free( &entropy );
+    if( session_data != NULL )
+        mbedtls_platform_zeroize( session_data, session_data_len );
     mbedtls_free( session_data );
 
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) && \