From 0f49bbc1fc63feafed4b295c1bb0880385faffed Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Wed, 18 Oct 2017 12:41:30 +0100
Subject: [PATCH] Zeroize stack before returning from mpi_fill_random

---
 library/bignum.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/library/bignum.c b/library/bignum.c
index 886429206..25fe8beeb 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1881,6 +1881,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
     MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) );
 
 cleanup:
+    mbedtls_zeroize( buf, sizeof( buf ) );
     return( ret );
 }