From d103bdb01d125a81a0113b76fe597c1498bc8ad0 Mon Sep 17 00:00:00 2001
From: Jerry Yu <jerry.h.yu@arm.com>
Date: Thu, 2 Dec 2021 16:32:13 +0800
Subject: [PATCH] Clean randbytes

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
---
 library/ssl_tls13_generic.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 066147a5e..fbdf69aea 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -965,6 +965,9 @@ static int ssl_tls13_postprocess_server_finished_message( mbedtls_ssl_context *s
         goto cleanup;
     }
 
+    /* randbytes is not used again */
+    mbedtls_platform_zeroize( ssl->handshake->randbytes,
+                              sizeof( ssl->handshake->randbytes ) );
     transform_application =
         mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
     if( transform_application == NULL )