Introduce polarssl_zeroize() instead of memset() for zeroization

library/sha512.c

@@ -48,6 +48,11 @@
 #define polarssl_printf printf
 #endif
 
+/* Implementation that should never be optimized out by the compiler */
+static void polarssl_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
 #if !defined(POLARSSL_SHA512_ALT)
 
 /*
@@ -335,7 +340,7 @@ void sha512( const unsigned char *input, size_t ilen,
     sha512_update( &ctx, input, ilen );
     sha512_finish( &ctx, output );
 
-    memset( &ctx, 0, sizeof( sha512_context ) );
+    polarssl_zeroize( &ctx, sizeof( sha512_context ) );
 }
 
 #if defined(POLARSSL_FS_IO)
@@ -359,7 +364,7 @@ int sha512_file( const char *path, unsigned char output[64], int is384 )
 
     sha512_finish( &ctx, output );
 
-    memset( &ctx, 0, sizeof( sha512_context ) );
+    polarssl_zeroize( &ctx, sizeof( sha512_context ) );
 
     if( ferror( f ) != 0 )
     {
@@ -400,7 +405,7 @@ void sha512_hmac_starts( sha512_context *ctx, const unsigned char *key,
     sha512_starts( ctx, is384 );
     sha512_update( ctx, ctx->ipad, 128 );
 
-    memset( sum, 0, sizeof( sum ) );
+    polarssl_zeroize( sum, sizeof( sum ) );
 }
 
 /*
@@ -429,7 +434,7 @@ void sha512_hmac_finish( sha512_context *ctx, unsigned char output[64] )
     sha512_update( ctx, tmpbuf, hlen );
     sha512_finish( ctx, output );
 
-    memset( tmpbuf, 0, sizeof( tmpbuf ) );
+    polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
 }
 
 /*
@@ -454,7 +459,7 @@ void sha512_hmac( const unsigned char *key, size_t keylen,
     sha512_hmac_update( &ctx, input, ilen );
     sha512_hmac_finish( &ctx, output );
 
-    memset( &ctx, 0, sizeof( sha512_context ) );
+    polarssl_zeroize( &ctx, sizeof( sha512_context ) );
 }
 
 #if defined(POLARSSL_SELF_TEST)