Checking in critical places if the mbedtls_platform_zeroize() was successful
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 55ac133..fb9539f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1886,9 +1886,13 @@
return( ret );
}
- mbedtls_platform_zeroize( handshake->premaster,
- sizeof(handshake->premaster) );
- return( 0 );
+ if( handshake->premaster == mbedtls_platform_zeroize(
+ handshake->premaster, sizeof(handshake->premaster) ) )
+ {
+ return( 0 );
+ }
+
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
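Review bot: The new check on `mbedtls_platform_zeroize()` only compares the returned pointer with `handshake->premaster`, and nothing in the hunk says why a function that looks like a plain wipe is compared against its own argument. A later cleanup could easily fold it back into the unchecked call. I would add a comment above the `if`, for example `/* Fault-injection hardening: zeroize is expected to return the buffer pointer once the wipe has run; anything else is reported as a fault. */`, after confirming that contract against the zeroize implementation, which is not visible here. It is also worth documenting that when `MBEDTLS_ERR_PLATFORM_FAULT_DETECTED` is returned the premaster secret may still be in memory, so callers must treat the error as fatal and wipe the handshake state. The same appears to apply to the earlier `return( ret );`, whose condition lies outside the hunk. The enclosing function starts above the hunk, so its other exits could not be checked.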