From a9f9a73920855ccb5fea2032bda6cf29bd9b50ea Mon Sep 17 00:00:00 2001
From: Ron Eldor <Ron.Eldor@arm.com>
Date: Tue, 7 May 2019 18:29:02 +0300
Subject: [PATCH] Zeroize secret data in the exit point

Zeroize the secret data in `mbedtls_ssl_derive_keys()`
in the single exit point.
---
 library/ssl_tls.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c2903605c..b5e850ada 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -988,9 +988,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
     MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
     MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
 
-    mbedtls_platform_zeroize( handshake->randbytes,
-                              sizeof( handshake->randbytes ) );
-
     /*
      * Determine the appropriate key, IV and MAC length.
      */
@@ -1365,7 +1362,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
     }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
-    mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
 
 #if defined(MBEDTLS_ZLIB_SUPPORT)
     // Initialize compression
@@ -1403,7 +1399,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
 end:
-
+    mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
+    mbedtls_platform_zeroize( handshake->randbytes,
+                              sizeof( handshake->randbytes ) );
     return( ret );
 }