From 17b2ac2a7c1fd5b7ca054357e5260dfd22f6dabf Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 11 Sep 2018 15:34:17 +0200
Subject: [PATCH] CTR_DRBG: clean stack buffers

Wipe stack buffers that may contain sensitive data (data that contributes to the DRBG state.
---
 library/ctr_drbg.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index e8fdd9b6c..c023c699e 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -264,6 +264,7 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
 mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS );
 memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, MBEDTLS_CTR_DRBG_BLOCKSIZE );
+ mbedtls_zeroize( tmp, sizeof( tmp ) );
 return( 0 );
 }
@@ -281,6 +282,7 @@ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
 block_cipher_df( add_input, additional, add_len );
 ctr_drbg_update_internal( ctx, add_input );
+ mbedtls_zeroize( add_input, sizeof( add_input ) );
 }
 }
@@ -327,6 +329,7 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
 ctr_drbg_update_internal( ctx, seed );
 ctx->reseed_counter = 1;
+ mbedtls_zeroize( seed, sizeof( seed ) );
 return( 0 );
 }
@@ -393,6 +396,8 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
 ctx->reseed_counter++;
+ mbedtls_zeroize( add_input, sizeof( add_input ) );
+ mbedtls_zeroize( tmp, sizeof( tmp ) );
 return( 0 );
 }
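Review bot: The new `mbedtls_zeroize( tmp, sizeof( tmp ) )` in `ctr_drbg_update_internal` writes to a local that is never read again before `return( 0 )`, so it only protects anything if `mbedtls_zeroize` is implemented in a way the optimizer cannot discard (for example through a volatile pointer or a platform secure-wipe call). Its definition is outside this diff and is worth confirming, and the same holds for the wipes added in the other three hunks. Since `tmp` supplies both the AES key and the counter in the two lines above, a comment such as `/* tmp held the new key and counter; do not leave them on the stack */` would record why the wipe is there. `sizeof( tmp )` is only correct if `tmp` is declared as an array in this function, which starts outside the hunk.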
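Review bot: The wipe of `seed` in `mbedtls_ctr_drbg_reseed` sits on the fall-through path just before `return( 0 )`, so any earlier `return` in the part of the function outside this hunk (taken after `seed` has already been partly filled) would leave the buffer on the stack. The same placement is used for `add_input` and `tmp` in the `mbedtls_ctr_drbg_random_with_add` hunk. Routing every exit that follows the first write to the buffer through one label keeps the wipe unconditional. The call `ctr_drbg_update_internal( ctx, seed )` also discards an `int` result, here and in the `mbedtls_ctr_drbg_update` hunk; it returns 0 on the path visible in the first hunk, but checking it costs nothing once the exit label exists. The sketch below assumes a local `int ret` is declared at the top of the function, which is not visible here.

```c
    /* … unchanged: earlier part of the function, outside the hunk … */
    if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 )
        goto exit;
    ctx->reseed_counter = 1;

exit:
    /* seed contributes to the DRBG state; wipe it on every path */
    mbedtls_zeroize( seed, sizeof( seed ) );
    return( ret );
```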