Built-in lms driver: always zeroize output-buffer in create_merkle_leaf_value Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>

commit: 9b3051fb1060e3d783bf9f900295eace740b1c66 [log] [tgz]
author: Minos Galanakis <minos.galanakis@arm.com> Mon Jun 02 14:36:25 2025 +0100
committer: Minos Galanakis <minos.galanakis@arm.com> Wed Jun 04 16:23:57 2025 +0100
tree: 7ca2f16227cc7f8528fd7f50185bf664677bee6e
parent: ae449bfca5e9a9a7b1cf1ec777755e33c79488e4 [diff]
diff --git a/library/lms.c b/library/lms.c
index 78886ab..11e2508 100644
--- a/library/lms.c
+++ b/library/lms.c

@@ -101,6 +101,9 @@
     size_t output_hash_len;
     unsigned char r_node_idx_bytes[4];
 
+    /* Always zeroize the output buffer to avoid undefined behavior at an early exit */
+    memset(out, 0, MBEDTLS_LMS_M_NODE_BYTES(params->type));
+
     op = psa_hash_operation_init();
     status = psa_hash_setup(&op, PSA_ALG_SHA_256);
     if (status != PSA_SUCCESS) {
commit	9b3051fb1060e3d783bf9f900295eace740b1c66	[log] [tgz]
author	Minos Galanakis <minos.galanakis@arm.com>	Mon Jun 02 14:36:25 2025 +0100
committer	Minos Galanakis <minos.galanakis@arm.com>	Wed Jun 04 16:23:57 2025 +0100
tree	7ca2f16227cc7f8528fd7f50185bf664677bee6e
parent	ae449bfca5e9a9a7b1cf1ec777755e33c79488e4 [diff]