Improve docs for mbedtls_zeroize() and add refs
diff --git a/library/utils.c b/library/utils.c
index 62b3244..e7fef6d 100644
--- a/library/utils.c
+++ b/library/utils.c
@@ -34,19 +34,25 @@
/*
* This implementation should never be optimized out by the compiler
*
- * This implementation for mbedtls_zeroize() uses a volatile function pointer.
- * We always know that it points to memset(), but because it is volatile the
- * compiler expects it to change at any time and will not optimize out the
- * call that could potentially perform other operations on the input buffer
- * instead of just setting it to 0. Nevertheless, optimizations of the
- * following form are still possible:
+ * This implementation for mbedtls_zeroize() was inspired from Colin Percival's
+ * blog article at:
+ *
+ * http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html
+ *
+ * It uses a volatile function pointer to the standard memset(). Because the
+ * pointer is volatile the compiler expects it to change at
+ * any time and will not optimize out the call that could potentially perform
+ * other operations on the input buffer instead of just setting it to 0.
+ * Nevertheless, as pointed out by davidtgoldblatt on Hacker News
+ * (refer to http://www.daemonology.net/blog/2014-09-05-erratum.html for
+ * details), optimizations of the following form are still possible:
*
* if( memset_func != memset )
* memset_func( buf, 0, len );
*
* Note that it is extremely difficult to guarantee that mbedtls_zeroize()
* will not be optimized out by aggressive compilers in a portable way. For
- * this reason, mbed TLS also provides the configuration option
+ * this reason, Mbed TLS also provides the configuration option
* MBEDTLS_UTILS_ZEROIZE_ALT, which allows users to configure
* mbedtls_zeroize() to use a suitable implementation for their platform and
* needs.
