From 03faf5d2c174eef1ebab39a8139a4042e77049b8 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Date: Wed, 20 Apr 2022 08:37:43 +0200 Subject: [PATCH] psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com> --- library/psa_crypto.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1cb00c8011..c2d8b16be8 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5313,6 +5313,7 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key( if ( prf->other_secret_length != 0 ) { memcpy( cur, prf->other_secret, prf->other_secret_length ); + mbedtls_platform_zeroize( prf->other_secret, prf->other_secret_length ); cur += prf->other_secret_length; } } @@ -5327,6 +5328,7 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key( *cur++ = MBEDTLS_BYTE_1( data_length ); *cur++ = MBEDTLS_BYTE_0( data_length ); memcpy( cur, data, data_length ); + mbedtls_platform_zeroize( (void*) data, data_length ); cur += data_length; status = psa_tls12_prf_set_key( prf, pms, cur - pms );