Built-in lms driver: always zeroize output-buffer in create_merkle_leaf_value

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-12-24 17:41:01 +03:00 · 2025-06-02 14:36:25 +01:00
parent ae449bfca5
commit 9b3051fb10
1 changed files with 3 additions and 0 deletions
--- a/library/lms.c
+++ b/library/lms.c
@@ -101,6 +101,9 @@ static int create_merkle_leaf_value(const mbedtls_lms_parameters_t *params,
    size_t output_hash_len;
    unsigned char r_node_idx_bytes[4];

+    /* Always zeroize the output buffer to avoid undefined behavior at an early exit */
+    memset(out, 0, MBEDTLS_LMS_M_NODE_BYTES(params->type));
+
    op = psa_hash_operation_init();
    status = psa_hash_setup(&op, PSA_ALG_SHA_256);
    if (status != PSA_SUCCESS) {