From a0ae1db2f7635e8a92250c08d9b00338b7c953ff Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 10:51:22 +0100 Subject: [PATCH] Zeroize buffers in various modules --- library/ssl_tls.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bae8433fe..645fa32c7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4140,12 +4140,19 @@ int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len, return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); } - if( ssl->psk != NULL || ssl->psk_identity != NULL ) + if( ssl->psk != NULL ) { + polarssl_zeroize( ssl->psk, ssl->psk_len ); + polarssl_free( ssl->psk ); - polarssl_free( ssl->psk_identity ); ssl->psk = NULL; + ssl->psk_len = 0; + } + if( ssl->psk_identity != NULL ) + { + polarssl_free( ssl->psk_identity ); ssl->psk_identity = NULL; + ssl->psk_identity_len = 0; } if( ( ssl->psk = polarssl_malloc( psk_len ) ) == NULL ||