From 2c70a39d97d90a1cd6cff4092a408fa9f5478f6f Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Wed, 8 Dec 2021 13:28:49 +0800
Subject: [PATCH] move zeroize randbytes

Signed-off-by: Jerry Yu
---
 library/ssl_tls13_generic.c | 3 ---
 library/ssl_tls13_keys.c | 4 +++-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index fbdf69aea..066147a5e 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -965,9 +965,6 @@ static int ssl_tls13_postprocess_server_finished_message( mbedtls_ssl_context *s
 goto cleanup;
 }
- /* randbytes is not used again */
- mbedtls_platform_zeroize( ssl->handshake->randbytes,
- sizeof( ssl->handshake->randbytes ) );
 transform_application = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
 if( transform_application == NULL )
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 45fb5ed19..45f328735 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1225,7 +1225,9 @@ int mbedtls_ssl_tls13_generate_application_keys(
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive application traffic keys" ) );
 cleanup:
-
+ /* randbytes is not used again */
+ mbedtls_platform_zeroize( ssl->handshake->randbytes,
+ sizeof( ssl->handshake->randbytes ) );
 mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
 return( ret );
 }
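Review bot: The wipe of `ssl->handshake->randbytes` now sits under `cleanup:` in `mbedtls_ssl_tls13_generate_application_keys`, so it runs on every exit path, including failures, and nothing in the hunk documents that side effect. The comment `/* randbytes is not used again */` describes the callers rather than this function; I would reword it to state the contract, e.g. `/* Handshake randoms are no longer needed after this point; wipe them on success and on error. */`, and note in the function's doc comment that it clears `handshake->randbytes`. Please also confirm that nothing reads the buffer after this call returns, for example a key-export or key-log path that is handed the client and server random, since it would then see zeros. The function body starts outside the hunk, so which `goto cleanup` paths reach this label cannot be checked from here.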