diff --git a/library/cmac.c b/library/cmac.c
index 8f6574a20..87846a617 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -129,6 +129,8 @@ static int generate_subkeys( mbedtls_cmac_context *ctx )
     multiply_by_u( ctx->K1, L );
     multiply_by_u( ctx->K2, ctx->K1 );
 
+    mbedtls_zeroize( L, sizeof( L ) );
+
     return( 0 );
 }
 
@@ -336,6 +338,9 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx,
     {
         return( ret );
     }
+
+    mbedtls_zeroize( int_key, sizeof( int_key ) );
+
     return( mbedtls_cmac_generate( ctx, input, in_len, tag, 16 ) );
 }