Clear internal decrypted buffer after read

commit: cafb6c91b0e97ec4a6742d9cdea4fbcf3853e4b5 [log] [tgz]
author: Teppo Järvelin <teppo.jarvelin@arm.com> Wed Jan 08 09:19:07 2020 +0200
committer: Teppo Järvelin <teppo.jarvelin@arm.com> Wed Jan 08 10:25:16 2020 +0200
tree: 9c59e602d59af3af4902ade928f1dbfd6dad6a0b
parent: 7d2434fac2b96347d3225bdbccd5a5fe719229a6 [diff]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 19bdc90..d5448c6 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -11119,6 +11119,9 @@
     mbedtls_platform_memcpy( buf, ssl->in_offt, n );
     ssl->in_msglen -= n;
 
+    // clear incoming data after it's copied to buffer
+    mbedtls_platform_memset(ssl->in_offt, 0, n);
+
     if( ssl->in_msglen == 0 )
     {
         /* all bytes consumed */
commit	cafb6c91b0e97ec4a6742d9cdea4fbcf3853e4b5	[log] [tgz]
author	Teppo Järvelin <teppo.jarvelin@arm.com>	Wed Jan 08 09:19:07 2020 +0200
committer	Teppo Järvelin <teppo.jarvelin@arm.com>	Wed Jan 08 10:25:16 2020 +0200
tree	9c59e602d59af3af4902ade928f1dbfd6dad6a0b
parent	7d2434fac2b96347d3225bdbccd5a5fe719229a6 [diff]