Add ecdh_psa_shared_key flag to protect PSA privkey if imported

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-23 10:57:04 +01:00 · 2022-03-23 10:57:04 +01:00 · 8113d25d1e
commit 8113d25d1e
parent 5cd5f76d67
3 changed files with 14 additions and 8 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -3146,7 +3146,8 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )

 #if defined(MBEDTLS_ECDH_C) && \
    ( defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
-    psa_destroy_key( handshake->ecdh_psa_privkey );
+    if( handshake->ecdh_psa_shared_key == 0 )
+        psa_destroy_key( handshake->ecdh_psa_privkey );
 #endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */

 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)