From 044eb16379ffc00d984f22ce38ab49223ac059a9 Mon Sep 17 00:00:00 2001
From: Yanray Wang <yanray.wang@arm.com>
Date: Mon, 28 Aug 2023 10:35:39 +0800
Subject: [PATCH] pkwrite: zeroize buf containing info of private key

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
---
 library/pkwrite.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/pkwrite.c b/library/pkwrite.c
index 225cde90d9..4e625292ce 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -860,7 +860,7 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf,
 
     ret = 0;
 cleanup:
-    mbedtls_free(output_buf);
+    mbedtls_zeroize_and_free(output_buf, PRV_DER_MAX_BYTES);
     return ret;
 }
 #endif /* MBEDTLS_PEM_WRITE_C */