diff --git a/ChangeLog.d/ssl-mac-zeroize.txt b/ChangeLog.d/ssl-mac-zeroize.txt
new file mode 100644
index 0000000000..b49c7acd77
--- /dev/null
+++ b/ChangeLog.d/ssl-mac-zeroize.txt
@@ -0,0 +1,5 @@
+Security
+ * Zeroize intermediate variables used to calculate the MAC in CBC cipher suites. This hardens the library in case stack memory leaks through a memory disclosure vulnerabilty, which could formerly have allowed a man-in-the-middle to inject fake ciphertext into a DTLS connection.
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index f7e40b123b..2d06fdd562 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -685,6 +685,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
 rec->data_len += transform->maclen;
 post_avail -= transform->maclen;
 auth_done++;
+ mbedtls_platform_zeroize( mac, transform->maclen );
 }
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
@@ -939,6 +940,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
 rec->data_len += transform->maclen;
 post_avail -= transform->maclen;
 auth_done++;
+ mbedtls_platform_zeroize( mac, transform->maclen );
 }
 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
 }
@@ -1222,13 +1224,20 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
 transform->maclen );
 /* Compare expected MAC with MAC at the end of the record. */
+ ret = 0;
 if( mbedtls_ct_memcmp( data + rec->data_len, mac_expect, transform->maclen ) != 0 )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
- return( MBEDTLS_ERR_SSL_INVALID_MAC );
+ ret = MBEDTLS_ERR_SSL_INVALID_MAC;
+ goto hmac_failed_etm_enabled;
 }
 auth_done++;
+
+ hmac_failed_etm_enabled:
+ mbedtls_platform_zeroize( mac_expect, transform->maclen );
+ if( ret != 0 )
+ return( ret );
 }
 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
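Review bot: The zeroize added after `auth_done++;` scrubs only `transform->maclen` bytes of `mac`, while the buffer is presumably filled by the HMAC finish above the hunk, which writes the full digest length; when the truncated-HMAC extension (`MBEDTLS_SSL_TRUNCATED_HMAC`) is negotiated, `maclen` is shorter than the digest, so the tail of the MAC would still be left on the stack. If `mac` is a fixed-size local array (its declaration is above the hunk), scrubbing the whole object is both safer and independent of the negotiated length: `mbedtls_platform_zeroize( mac, sizeof( mac ) );`. The same concern applies to the zeroize in the hunk at line 939 and to the `mac_expect` zeroizes in the two `mbedtls_ssl_decrypt_buf` hunks (lines 1222 and 1443), wherever the buffer is produced by a full-digest finish rather than a `maclen`-bounded copy. mbedtls_ssl_encrypt_buf begins and ends outside this hunk.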
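Review bot: The label `hmac_failed_etm_enabled:` is reached by fall-through on the success path as well as by the `goto`, so its name reads as error-only while the zeroize under it is intended for both outcomes; a one-line comment after the label would spare the next reader the double-take: `/* Reached on success (fall-through) and on MAC failure: scrub mac_expect either way. */`. The same applies to `hmac_failed_etm_disabled:` in the hunk at line 1443. The `ret = 0;` added before the compare is what makes the trailing `if( ret != 0 )` correct on fall-through, since within the visible lines `ret` is otherwise assigned only on the failure branch; a short comment there (`/* Must be 0 so the cleanup below returns success on fall-through. */`) would document that dependency. mbedtls_ssl_decrypt_buf begins and ends outside this hunk.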
@@ -1420,7 +1429,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
 if( ret != 0 )
 {
 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ct_hmac", ret );
- return( ret );
+ goto hmac_failed_etm_disabled;
 }
 mbedtls_ct_memcpy_offset( mac_peer, data,
@@ -1443,6 +1452,12 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
 correct = 0;
 }
 auth_done++;
+
+ hmac_failed_etm_disabled:
+ mbedtls_platform_zeroize( mac_peer, transform->maclen );
+ mbedtls_platform_zeroize( mac_expect, transform->maclen );
+ if( ret != 0 )
+ return( ret );
 }
 /*