From 901c9b731f5a1cae3f1802d09e2525ee0d0913fc Mon Sep 17 00:00:00 2001
From: Steven Cooreman <steven.cooreman@silabs.com>
Date: Fri, 25 Feb 2022 11:14:59 +0100
Subject: [PATCH] Erase secrets in allocated memory before freeing said memory

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
---
 library/psa_crypto_storage.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index b485c50c6..6c8321fa8 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -347,6 +347,7 @@ psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
     status = psa_crypto_storage_store( attr->id,
                                        storage_data, storage_data_length );
 
+    mbedtls_platform_zeroize( storage_data, storage_data_length );
     mbedtls_free( storage_data );
 
     return( status );
@@ -392,6 +393,7 @@ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
         status = PSA_ERROR_STORAGE_FAILURE;
 
 exit:
+    mbedtls_platform_zeroize( loaded_data, storage_data_length );
     mbedtls_free( loaded_data );
     return( status );
 }