From b0957c68fb44a2e01e6d24eaa243367f8c74168f Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Thu, 21 Feb 2019 08:22:56 +1000
Subject: [PATCH] ForceZero the devKey field of Aes in PKCS#11

Don't memset the key field of AES in PKCS#11.
---
 wolfcrypt/src/wc_pkcs11.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/wolfcrypt/src/wc_pkcs11.c b/wolfcrypt/src/wc_pkcs11.c
index d07f5b6c1..81c31818c 100644
--- a/wolfcrypt/src/wc_pkcs11.c
+++ b/wolfcrypt/src/wc_pkcs11.c
@@ -565,10 +565,8 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
 (unsigned char *)aes->id, aes->idLen);
 }
- if (ret == 0 && clear) {
- XMEMSET(aes->devKey, 0, aes->keylen);
- XMEMSET(aes->key, 0, aes->keylen);
- }
+ if (ret == 0 && clear)
+ ForceZero(aes->devKey, 0, aes->keylen);
 break;
 }
 #endif
@@ -584,10 +582,8 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
 (unsigned char *)aes->id, aes->idLen);
 }
- if (ret == 0 && clear) {
- XMEMSET(aes->devKey, 0, aes->keylen);
- XMEMSET(aes->key, 0, aes->keylen);
- }
+ if (ret == 0 && clear)
+ ForceZero(aes->devKey, 0, aes->keylen);
 break;
 }
 #endif
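Review bot: The added `ForceZero(aes->devKey, 0, aes->keylen);` carries over the fill-value argument from the XMEMSET call it replaces, but wolfCrypt's ForceZero takes only a pointer and a length, so the call as written does not match that signature. It should read `ForceZero(aes->devKey, aes->keylen);`, both in the hunk at -565 and in the identical line in the hunk at -584. Separately, `aes->key` is no longer wiped when `clear` is set, and neither hunk shows why; a one-line comment above each call stating why only `devKey` holds material that must be erased on this path would keep a later reader from treating it as an omission. Both `case` bodies begin outside the hunks, so how `aes->key` is populated here cannot be confirmed from the diff.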