From 083036af64c79c097b90c8eeb23036072ec1bf3b Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Tue, 11 Jun 2019 10:22:26 +0100
Subject: [PATCH] Safely erase key material upon abort

Some key derivation operation contexts (like psa_tls12_prf_key_derivation_t) directly contain buffers with parts of the derived key. Erase them safely as part of the abort.
---
 library/psa_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index bf425df38..924b291f4 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3902,7 +3902,7 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation
 {
 status = PSA_ERROR_BAD_STATE;
 }
- memset( operation, 0, sizeof( *operation ) );
+ mbedtls_platform_zeroize( operation, sizeof( *operation ) );
 return( status );
 }
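Review bot: The new `mbedtls_platform_zeroize( operation, sizeof( *operation ) );` line wipes only the bytes embedded in the operation struct, so any heap buffer the context merely points to needs its own zeroize before it is freed. Those frees would sit in the per-algorithm branches of psa_key_derivation_abort above this hunk, which are not visible here, so this should be checked against the full function. The call would also benefit from a one-line comment so a later cleanup does not turn it back into memset: `/* Zeroize, not memset: the context can embed derived key bytes. */`. The diffstat shows no include change, so `mbedtls/platform_util.h` is presumably already included in psa_crypto.c; worth confirming.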