From 169e61add63d5ee2f5df158f10c7068204abd932 Mon Sep 17 00:00:00 2001
From: Neil Armstrong <narmstrong@baylibre.com>
Date: Mon, 14 Mar 2022 14:26:49 +0100
Subject: [PATCH] Zeroise stack buffer containing private key

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
---
 library/pk_wrap.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index aad56a4d1c..d5d57aa3b7 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -281,6 +281,7 @@ static int rsa_decrypt_wrap( void *ctx,
     ret = 0;
 
 cleanup:
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
     status = psa_destroy_key( key_id );
     if( ret == 0 && status != PSA_SUCCESS )
         ret = mbedtls_pk_error_from_psa( status );