Prevent leaking plaintext in psa_cipher_finish()

commit: 279ab8e69be6c05105f5b422507886dd112733fd [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Mon Jul 09 16:13:21 2018 +0100
committer: itayzafrir <itay.zafrir@arm.com> Wed Sep 12 16:41:11 2018 +0300
tree: f8c80005597128901781ac0eae6f537c419ca3bc
parent: 315b51c22d8356db9bd550a4b71239b19faa7420 [diff]
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index e10ca30..e5833ce 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -2463,6 +2463,7 @@
         goto error;
     }
 
+    mbedtls_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) );
     status = psa_cipher_abort( operation );
 
     return( status );
@@ -2471,6 +2472,7 @@
 
     *output_length = 0;
 
+    mbedtls_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) );
     (void) psa_cipher_abort( operation );
 
     return( status );
commit	279ab8e69be6c05105f5b422507886dd112733fd	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Mon Jul 09 16:13:21 2018 +0100
committer	itayzafrir <itay.zafrir@arm.com>	Wed Sep 12 16:41:11 2018 +0300
tree	f8c80005597128901781ac0eae6f537c419ca3bc
parent	315b51c22d8356db9bd550a4b71239b19faa7420 [diff]