From e3ee22189313674684d955c34e04bde2691089e8 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Thu, 7 Apr 2022 14:29:56 +0200
Subject: [PATCH] Free other secret in tls12_prf context

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 library/psa_crypto.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 8c58ff518c..f3a22588d5 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4315,6 +4315,13 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation
             mbedtls_free( operation->ctx.tls12_prf.label );
         }
 
+        if( operation->ctx.tls12_prf.other_secret != NULL )
+        {
+            mbedtls_platform_zeroize( operation->ctx.tls12_prf.other_secret,
+                                      operation->ctx.tls12_prf.other_secret_length );
+            mbedtls_free( operation->ctx.tls12_prf.other_secret );
+        }
+
         status = PSA_SUCCESS;
 
         /* We leave the fields Ai and output_block to be erased safely by the