Zeroising of plaintext buffers to erase unused application data from memory

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2025-07-30 22:43:08 +03:00 · 2020-07-15 10:55:00 +02:00
parent 8ed8694199
commit a321413807
2 changed files with 8 additions and 0 deletions
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@ -5581,6 +5581,10 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
    memcpy( buf, ssl->in_offt, n );
    ssl->in_msglen -= n;

+    /* Zeroising the plaintext buffer to erase unused application data
+       from the memory. */
+    mbedtls_platform_zeroize( ssl->in_offt, n );
+
    if( ssl->in_msglen == 0 )
    {
        /* all bytes consumed */