commit cc908ad04c388b50b81fa3b3a8b509cf62797fcf
author Gilles Peskine <Gilles.Peskine@arm.com> Mon Aug 25 17:01:34 2025 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Mon Sep 08 12:22:39 2025 +0200
tree 88d8b7617b24414a4c699e40ea88a73a7bc04b74
parent 2d666646bace4de2fce0f8dd9f95df560dd55f73

Remove redundant memset on freshly initialized buffer

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

library/psa_crypto_cipher.c

diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index 83069c7..7f691c1 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -554,10 +554,6 @@
     psa_status_t status = PSA_ERROR_GENERIC_ERROR;
     size_t invalid_padding = 0;
 
-    uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH] = { 0 };
-    if (output_size > sizeof(temp_output_buffer)) {
-        output_size = sizeof(temp_output_buffer);
-    }
     /* We will copy output_size bytes from temp_output_buffer to the
      * output buffer. We can't use *output_length to determine how
      * much to copy because we must not leak that value through timing
@@ -565,7 +561,10 @@
      * is not guaranteed to write beyond *output_length. To ensure we don't
      * leak the former content of the stack to the caller, wipe that
      * former content. */
-    memset(temp_output_buffer, 0, output_size);
+    uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH] = { 0 };
+    if (output_size > sizeof(temp_output_buffer)) {
+        output_size = sizeof(temp_output_buffer);
+    }
 
     if (operation->ctx.cipher.unprocessed_len != 0) {
         if (operation->alg == PSA_ALG_ECB_NO_PADDING ||