Move erase handshake secrets

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 10:19:34 +08:00 · 2021-12-10 10:19:34 +08:00 · 4a2fa5d0aa
commit 4a2fa5d0aa
parent 27224f58be
3 changed files with 12 additions and 9 deletions
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@ -1060,11 +1060,7 @@ static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl )
                    sizeof( ssl->handshake->state_local.finished_out.digest ),
                    &ssl->handshake->state_local.finished_out.digest_len,
                    ssl->conf->endpoint );
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
-    {
-        mbedtls_platform_zeroize( &ssl->handshake->tls13_hs_secrets,
-                                  sizeof( ssl->handshake->tls13_hs_secrets ) );
-    }
+
    if( ret != 0 )
    {
        MBEDTLS_SSL_DEBUG_RET( 1, "calculate_verify_data failed", ret );