From 6835b4a6ed0df878a89ea3ac9d5b0aeae9db6343 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Thu, 22 Jun 2023 09:06:31 +0200
Subject: [PATCH] tls: always zeroize buffer on exit

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 library/ssl_tls12_server.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index c791f81ba8..26d570a2e4 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2682,6 +2682,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
                 break;
             }
 
+            mbedtls_platform_zeroize(buf, sizeof(buf));
             ret = 0;
             break;
 #endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */