Introduce polarssl_zeroize() instead of memset() for zeroization

library/cipher_wrap.c

@@ -74,6 +74,11 @@
 
 #include <stdlib.h>
 
+/* Implementation that should never be optimized out by the compiler */
+static void polarssl_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
 #if defined(POLARSSL_GCM_C)
 /* shared by all GCM ciphers */
 static void *gcm_ctx_alloc( void )
@@ -187,6 +192,7 @@ static void * aes_ctx_alloc( void )
 
 static void aes_ctx_free( void *ctx )
 {
+    polarssl_zeroize( ctx, sizeof( aes_context ) );
     polarssl_free( ctx );
 }
 
@@ -540,6 +546,7 @@ static void * camellia_ctx_alloc( void )
 
 static void camellia_ctx_free( void *ctx )
 {
+    polarssl_zeroize( ctx, sizeof( camellia_context ) );
     polarssl_free( ctx );
 }
 
@@ -948,6 +955,13 @@ static void * des3_ctx_alloc( void )
 
 static void des_ctx_free( void *ctx )
 {
+    polarssl_zeroize( ctx, sizeof( des_context ) );
+    polarssl_free( ctx );
+}
+
+static void des3_ctx_free( void *ctx )
+{
+    polarssl_zeroize( ctx, sizeof( des3_context ) );
     polarssl_free( ctx );
 }
 
@@ -998,7 +1012,7 @@ const cipher_base_t des_ede_info = {
     des3_set2key_enc_wrap,
     des3_set2key_dec_wrap,
     des3_ctx_alloc,
-    des_ctx_free
+    des3_ctx_free
 };
 
 const cipher_info_t des_ede_ecb_info = {
@@ -1035,7 +1049,7 @@ const cipher_base_t des_ede3_info = {
     des3_set3key_enc_wrap,
     des3_set3key_dec_wrap,
     des3_ctx_alloc,
-    des_ctx_free
+    des3_ctx_free
 };
 
 const cipher_info_t des_ede3_ecb_info = {
@@ -1143,6 +1157,7 @@ static void * blowfish_ctx_alloc( void )
 
 static void blowfish_ctx_free( void *ctx )
 {
+    polarssl_zeroize( ctx, sizeof( blowfish_context ) );
     polarssl_free( ctx );
 }
 
@@ -1236,6 +1251,7 @@ static void * arc4_ctx_alloc( void )
 
 static void arc4_ctx_free( void *ctx )
 {
+    polarssl_zeroize( ctx, sizeof( arc4_context ) );
     polarssl_free( ctx );
 }