From 28ea79152115b4b02543d1696d522830931b040c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Wed, 13 Jan 2016 11:30:00 +0000
Subject: [PATCH] cmac: zeroize sensitive intermediate values

---
 library/cmac.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/library/cmac.c b/library/cmac.c
index 8f6574a20..87846a617 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -129,6 +129,8 @@ static int generate_subkeys( mbedtls_cmac_context *ctx )
     multiply_by_u( ctx->K1, L );
     multiply_by_u( ctx->K2, ctx->K1 );
 
+    mbedtls_zeroize( L, sizeof( L ) );
+
     return( 0 );
 }
 
@@ -336,6 +338,9 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx,
     {
         return( ret );
     }
+
+    mbedtls_zeroize( int_key, sizeof( int_key ) );
+
     return( mbedtls_cmac_generate( ctx, input, in_len, tag, 16 ) );
 }