Prevent leaking plaintext in psa_cipher_finish()

2025-09-01 05:01:58 +03:00 · 2018-07-09 16:13:21 +01:00
parent 315b51c22d
commit 279ab8e69b
1 changed files with 2 additions and 0 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2463,6 +2463,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
        goto error;
    }

+    mbedtls_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) );
    status = psa_cipher_abort( operation );

    return( status );
@@ -2471,6 +2472,7 @@ error:

    *output_length = 0;

+    mbedtls_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) );
    (void) psa_cipher_abort( operation );

    return( status );