From a6348edc23bcdfe73e38bfc252f5f5f519608706 Mon Sep 17 00:00:00 2001
From: Piotr Nowicki <piotr.nowicki@arm.com>
Date: Mon, 29 Jun 2020 15:03:56 +0200
Subject: [PATCH] Checking in critical places if the mbedtls_platform_zeroize()
 was successful

Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
---
 library/ssl_tls.c  | 10 +++++++---
 tinycrypt/ecc_dh.c |  6 ++++--
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 55ac1330a..fb9539f1a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1886,9 +1886,13 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
         return( ret );
     }
 
-    mbedtls_platform_zeroize( handshake->premaster,
-                              sizeof(handshake->premaster) );
-    return( 0 );
+    if( handshake->premaster == mbedtls_platform_zeroize( 
+                    handshake->premaster, sizeof(handshake->premaster) ) )
+    {
+        return( 0 );
+    }
+
+    return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
 }
 
 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
diff --git a/tinycrypt/ecc_dh.c b/tinycrypt/ecc_dh.c
index 5a7a9e53e..512686c74 100644
--- a/tinycrypt/ecc_dh.c
+++ b/tinycrypt/ecc_dh.c
@@ -186,7 +186,9 @@ int uECC_shared_secret(const uint8_t *public_key, const uint8_t *private_key,
 	uECC_vli_nativeToBytes(secret, num_bytes, _public);
 
 	/* erasing temporary buffer used to store secret: */
-	mbedtls_platform_zeroize(_private, sizeof(_private));
+	if (_private == mbedtls_platform_zeroize(_private, sizeof(_private))) {
+		return r;
+	}
 
-	return r;
+	return UECC_FAULT_DETECTED;
 }