From c52220d775aba3a30a1a64035aacb448cb6e58d3 Mon Sep 17 00:00:00 2001
From: Mateusz Starzyk
Date: Tue, 27 Jul 2021 13:54:55 +0200
Subject: [PATCH] Clear temporary buffer after block crypt operation.
Signed-off-by: Mateusz Starzyk
---
 library/ccm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/library/ccm.c b/library/ccm.c
index be1671c04c..425872dc32 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -127,13 +127,15 @@ static int mbedtls_ccm_crypt( mbedtls_ccm_context *ctx,
 if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->ctr, 16, tmp_buf, &olen ) ) != 0 ) {
- ctx->state |= CCM_STATE__ERROR; \
+ ctx->state |= CCM_STATE__ERROR;
+ mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf));
 return ret;
 }
 for( i = 0; i < use_len; i++ ) output[i] = input[i] ^ tmp_buf[offset + i];
+ mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf));
 return ret;
 }
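Review bot: The wipe of `tmp_buf` is repeated before each `return` in `mbedtls_ccm_crypt`, so a return path added later between the `mbedtls_cipher_update` call and the end of the function would leave the encrypted counter block (the keystream XORed into `output`) on the stack again. A single exit keeps that from regressing: in the error branch replace the wipe and `return ret;` with `goto exit;`, and place an `exit:` label directly above the final `mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf));`. A one-line comment such as `/* tmp_buf holds the keystream block; wipe it on every path */` would record why the call is there. The added calls also omit the spaces inside the parentheses that the neighbouring `mbedtls_cipher_update( ... )` call uses. The function starts above the hunk, so the declaration of `tmp_buf` is not visible here; confirm it is an array, so that `sizeof(tmp_buf)` covers the whole buffer rather than a pointer.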