From 874598669971cf6f0ee6157a487d906af63e01a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Wed, 17 Jun 2020 12:40:57 +0200
Subject: [PATCH] Zeroize temporary stack buffer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
 library/ecp.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/library/ecp.c b/library/ecp.c
index 8da65ad1d..6fdadf22e 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -289,10 +289,10 @@ static int ecp_drbg_random( void *p_rng, unsigned char *output, size_t output_le
     ecp_drbg_context *ctx = p_rng;
     int ret;
     size_t len_done = 0;
+    uint8_t tmp[HASH_BLOCK_BYTES];
 
     while( len_done < output_len )
     {
-        uint8_t tmp[HASH_BLOCK_BYTES];
         uint8_t use_len;
 
         /* We don't need to draw more that 255 blocks, so don't bother with
@@ -314,6 +314,8 @@ static int ecp_drbg_random( void *p_rng, unsigned char *output, size_t output_le
         len_done += use_len;
     }
 
+    mbedtls_zeroize( tmp, sizeof( tmp ) );
+
     return( 0 );
 }