From a72fe641cc44c320b1ed0e61f936f5161731411f Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Wed, 29 Sep 2021 15:57:30 -0400
Subject: [PATCH] Do not zeroize the ssl context if a key exporting function is set
Signed-off-by: Andrzej Kurek
---
 library/ssl_tls.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 821506ff779e..11ccf274c232 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -695,8 +695,11 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
 #if !defined(MBEDTLS_DEBUG_C) && \
 !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- ssl = NULL; /* make sure we don't use it except for these cases */
- (void) ssl;
+ if( ssl->f_export_keys == NULL )
+ {
+ ssl = NULL; /* make sure we don't use it except for these cases */
+ (void) ssl;
+ }
 #endif
 /*
@@ -959,7 +962,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
 ((void) mac_dec);
 ((void) mac_enc);
- if( ssl->f_export_keys != NULL )
+ if( ssl != NULL && ssl->f_export_keys != NULL )
 {
 ssl->f_export_keys( ssl->p_export_keys,
 MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET,
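Review bot: The new condition `if( ssl->f_export_keys == NULL )` in the first hunk dereferences `ssl` unguarded, while the second hunk (`if( ssl != NULL && ssl->f_export_keys != NULL )`) is written as if `ssl` may be NULL; if any caller does pass a NULL `ssl`, the first hunk faults before that later guard is ever reached when MBEDTLS_DEBUG_C and MBEDTLS_SSL_DTLS_CONNECTION_ID are both unset. Writing the first check as `if( ssl == NULL || ssl->f_export_keys == NULL )` makes the two hunks consistent and keeps the NULL-ing harmless in that case. The retained comment `/* make sure we don't use it except for these cases */` is now misleading, since the key-export call is a further permitted use of `ssl`; something like `/* ssl may only be used by the debug, CID and key-export paths */` describes the new contract. Both hunks lie inside ssl_tls12_populate_transform(), whose start and end are outside the hunks.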