Do not zeroize the ssl context if a key exporting function is set
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 821506f..11ccf27 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -695,8 +695,11 @@
#if !defined(MBEDTLS_DEBUG_C) && \
!defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- ssl = NULL; /* make sure we don't use it except for these cases */
- (void) ssl;
+ if( ssl->f_export_keys == NULL )
+ {
+ ssl = NULL; /* make sure we don't use it except for these cases */
+ (void) ssl;
+ }
#endif
/*
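Review bot: The guard that sets `ssl` to NULL now applies only when no key export callback is registered, so in builds without MBEDTLS_DEBUG_C and MBEDTLS_SSL_DTLS_CONNECTION_ID an unintended use of `ssl` later in the function is caught only in that configuration, and the comment `/* make sure we don't use it except for these cases */` no longer names every case. Copying `ssl->f_export_keys` and `ssl->p_export_keys` into two locals just before the `#if` and leaving `ssl = NULL;` unconditional would keep the guard at full strength, with the call in the second hunk using the locals instead. The function's declarations are outside this hunk, so where those locals would be declared is an assumption. If the conditional form stays, the comment should at least list key export as a third case, e.g. `/* ssl is only needed for debug output, CID and key export */`.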
@@ -959,7 +962,7 @@
((void) mac_dec);
((void) mac_enc);
- if( ssl->f_export_keys != NULL )
+ if( ssl != NULL && ssl->f_export_keys != NULL )
{
ssl->f_export_keys( ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET,
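Review bot: The added `ssl != NULL` test has no visible justification at this line, because `ssl` only becomes NULL through the conditional assignment in the first hunk, and only in builds without MBEDTLS_DEBUG_C and MBEDTLS_SSL_DTLS_CONNECTION_ID. A comment above the condition would stop a later cleanup from removing the test as redundant, for example `/* ssl may have been set to NULL above when no export callback is registered */`. Judging by the MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET argument, this call passes secret key material to a user-supplied callback, so it is worth saying in that comment that this is the one place the function deliberately keeps `ssl` usable. The call's argument list continues outside the hunk.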