From 279ab8e69be6c05105f5b422507886dd112733fd Mon Sep 17 00:00:00 2001
From: Janos Follath <janos.follath@arm.com>
Date: Mon, 9 Jul 2018 16:13:21 +0100
Subject: [PATCH] Prevent leaking plaintext in psa_cipher_finish()

---
 library/psa_crypto.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index e10ca30ed..e5833ce22 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2463,6 +2463,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
         goto error;
     }
 
+    mbedtls_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) );
     status = psa_cipher_abort( operation );
 
     return( status );
@@ -2471,6 +2472,7 @@ error:
 
     *output_length = 0;
 
+    mbedtls_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) );
     (void) psa_cipher_abort( operation );
 
     return( status );