ccm: zeroize buffers before and after usage Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

commit: 142f09fb96b3dc228bbbea92906813f41e292064 [log] [tgz]
author: Andrzej Kurek <andrzej.kurek@arm.com> Wed Nov 04 13:20:24 2020 +0100
committer: Andrzej Kurek <andrzej.kurek@arm.com> Wed Nov 25 06:20:43 2020 -0500
tree: 66fb281be5254bcf41981ebfb538e192e21e4cf9
parent: 5eba1d82a2e154e3d922dd8ab2fcb5012baaa72e [diff] [blame]
diff --git a/library/ccm.c b/library/ccm.c
index 87fe16d..aa15af2 100644
--- a/library/ccm.c
+++ b/library/ccm.c

@@ -246,6 +246,10 @@
     if( add_len > 0xFF00 )
         return( MBEDTLS_ERR_CCM_BAD_INPUT );
 
+    mbedtls_platform_zeroize( b, 16 );
+    mbedtls_platform_zeroize( y, 16 );
+    mbedtls_platform_zeroize( ctr, 16 );
+
     q = (uint_fast8_t) (16 - 1 - iv_len);
 
     /*
@@ -390,6 +394,10 @@
     CTR_CRYPT( y, y, 16 );
     mbedtls_platform_memcpy( tag, y, tag_len );
 
+    mbedtls_platform_zeroize( b, 16 );
+    mbedtls_platform_zeroize( y, 16 );
+    mbedtls_platform_zeroize( ctr, 16 );
+
     return( ret );
 }
commit	142f09fb96b3dc228bbbea92906813f41e292064	[log] [tgz]
author	Andrzej Kurek <andrzej.kurek@arm.com>	Wed Nov 04 13:20:24 2020 +0100
committer	Andrzej Kurek <andrzej.kurek@arm.com>	Wed Nov 25 06:20:43 2020 -0500
tree	66fb281be5254bcf41981ebfb538e192e21e4cf9
parent	5eba1d82a2e154e3d922dd8ab2fcb5012baaa72e [diff] [blame]