From 745db226dbb3c020e8c76aa3bf2a28d69ded8a7a Mon Sep 17 00:00:00 2001
From: Jerry Yu <jerry.h.yu@arm.com>
Date: Thu, 2 Dec 2021 16:31:19 +0800
Subject: [PATCH] fix possible security leak for counter

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
---
 library/ssl_msg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 286294f828..4de851c7b6 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5332,14 +5332,14 @@ void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl,
                                         mbedtls_ssl_transform *transform )
 {
     ssl->transform_in = transform;
-    memset( ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
+    mbedtls_platform_zeroize( ssl->in_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
 }
 
 void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl,
                                          mbedtls_ssl_transform *transform )
 {
     ssl->transform_out = transform;
-    memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
+    mbedtls_platform_zeroize( ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) );
 }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)