From 0332f8443a904cbca1f6417636243d95e141867c Mon Sep 17 00:00:00 2001
From: Yossi Levy <Yossi.Levy@arm.com>
Date: Wed, 9 Jan 2019 11:33:39 +0200
Subject: [PATCH] Adding a test if device key buffer has changed after calling
 to entropy func. this should enable as to eliminate some rare cases when the
 trng fail but still return success.

---
 features/device_key/source/DeviceKey.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/features/device_key/source/DeviceKey.cpp b/features/device_key/source/DeviceKey.cpp
index 016b28c135..3d9b8dac07 100644
--- a/features/device_key/source/DeviceKey.cpp
+++ b/features/device_key/source/DeviceKey.cpp
@@ -30,6 +30,7 @@
 #include "entropy.h"
 #include "platform_mbed.h"
 #include "mbed_trace.h"
+#include "ssl_internal.h"
 
 #define TRACE_GROUP "DEVKEY"
 
@@ -260,12 +261,14 @@ int DeviceKey::generate_key_by_random(uint32_t *output, size_t size)
     }
 
 #if DEVICE_TRNG
+    uint32_t test_buff[DEVICE_KEY_32BYTE / sizeof(int)];
     mbedtls_entropy_context *entropy = new mbedtls_entropy_context;
     mbedtls_entropy_init(entropy);
     memset(output, 0, size);
+    memset(test_buff, 0, size);
 
     ret = mbedtls_entropy_func(entropy, (unsigned char *)output, size);
-    if (ret != MBED_SUCCESS) {
+    if (ret != MBED_SUCCESS || mbedtls_ssl_safer_memcmp(test_buff, (unsigned char *)output, size) == 0) {
         ret = DEVICEKEY_GENERATE_RANDOM_ERROR;
     } else {
         ret = DEVICEKEY_SUCCESS;