commit a9f9a73920855ccb5fea2032bda6cf29bd9b50ea
author Ron Eldor <Ron.Eldor@arm.com> Tue May 07 18:29:02 2019 +0300
committer Ron Eldor <Ron.Eldor@arm.com> Wed May 15 13:38:39 2019 +0300
tree ee69bb8d0d2c388992896c3d3bd6092d831f1c17
parent e699270908f409ecc303bc0c1bb8e3b2675362d7

Zeroize secret data in the exit point

Zeroize the secret data in `mbedtls_ssl_derive_keys()`
in the single exit point.

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c290360..b5e850a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -988,9 +988,6 @@
     MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
     MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
 
-    mbedtls_platform_zeroize( handshake->randbytes,
-                              sizeof( handshake->randbytes ) );
-
     /*
      * Determine the appropriate key, IV and MAC length.
      */
@@ -1365,7 +1362,6 @@
     }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
-    mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
 
 #if defined(MBEDTLS_ZLIB_SUPPORT)
     // Initialize compression
@@ -1403,7 +1399,9 @@
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
 end:
-
+    mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
+    mbedtls_platform_zeroize( handshake->randbytes,
+                              sizeof( handshake->randbytes ) );
     return( ret );
 }