Make sure unused parts of tag buffer are cleared
We already did this on the failure path; now also overwrite the bytes past the returned tag length on success, so the buffer does not leak whatever it previously contained.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index e145083..95f9740 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3804,9 +3804,14 @@
 exit:
 
     /* In case the operation fails and the user fails to check for failure or
-     * the zero tag size, make sure the tag is set to something impossible. */
+     * the zero tag size, make sure the tag is set to something impossible.
+     * Even if the operation succeeds, make sure we set the rest of the
+     * buffer to something impossible to prevent potential leakage of
+     * anything previously placed in the same buffer.*/
     if( status != PSA_SUCCESS )
-        memset(tag, '!', tag_size);
+        memset( tag, '!', tag_size );
+    else if( *tag_length < tag_size )
+        memset( tag + *tag_length, '!', ( tag_size - *tag_length ) );
 
     psa_aead_abort( operation );