From 03faf5d2c174eef1ebab39a8139a4042e77049b8 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Wed, 20 Apr 2022 08:37:43 +0200
Subject: [PATCH] psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 library/psa_crypto.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 1cb00c8011..c2d8b16be8 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5313,6 +5313,7 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key(
         if ( prf->other_secret_length != 0 )
         {
             memcpy( cur, prf->other_secret, prf->other_secret_length );
+            mbedtls_platform_zeroize( prf->other_secret, prf->other_secret_length );
             cur += prf->other_secret_length;
         }
     }
@@ -5327,6 +5328,7 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key(
     *cur++ = MBEDTLS_BYTE_1( data_length );
     *cur++ = MBEDTLS_BYTE_0( data_length );
     memcpy( cur, data, data_length );
+    mbedtls_platform_zeroize( (void*) data, data_length );
     cur += data_length;
 
     status = psa_tls12_prf_set_key( prf, pms, cur - pms );