From 142f09fb96b3dc228bbbea92906813f41e292064 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek <andrzej.kurek@arm.com>
Date: Wed, 4 Nov 2020 13:20:24 +0100
Subject: [PATCH] ccm: zeroize buffers before and after usage

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
---
 library/ccm.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/library/ccm.c b/library/ccm.c
index 87fe16dd8..aa15af2ea 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -246,6 +246,10 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
     if( add_len > 0xFF00 )
         return( MBEDTLS_ERR_CCM_BAD_INPUT );
 
+    mbedtls_platform_zeroize( b, 16 );
+    mbedtls_platform_zeroize( y, 16 );
+    mbedtls_platform_zeroize( ctr, 16 );
+
     q = (uint_fast8_t) (16 - 1 - iv_len);
 
     /*
@@ -390,6 +394,10 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
     CTR_CRYPT( y, y, 16 );
     mbedtls_platform_memcpy( tag, y, tag_len );
 
+    mbedtls_platform_zeroize( b, 16 );
+    mbedtls_platform_zeroize( y, 16 );
+    mbedtls_platform_zeroize( ctr, 16 );
+
     return( ret );
 }