tls: pake: do not destroy password key in TLS

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Valerio Setti 2022-12-08 18:42:58 +01:00
parent 2a3ffb4203
commit eb3f788b03
3 changed files with 24 additions and 26 deletions


@ -4439,18 +4439,14 @@ exit:
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE )
/*
* In case opaque keys it's the user responsibility to keep the key valid
* for the duration of the handshake and destroy it at the end
*/
if( ( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE ) &&
( ! mbedtls_svc_key_id_is_null( ecjpake_pw_slot ) ) )
{
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
/* Ensure the key is still valid before destroying it */
status = psa_get_key_attributes( ecjpake_pw_slot, &key_attr );
if( status == PSA_SUCCESS &&
PSA_ALG_IS_PAKE( psa_get_key_algorithm( &key_attr ) ) )
{
psa_destroy_key( ecjpake_pw_slot );
}
psa_reset_key_attributes( &key_attr );
psa_destroy_key( ecjpake_pw_slot );
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
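Review bot: The return value of `psa_destroy_key( ecjpake_pw_slot )` is discarded in the block guarded by `mbedtls_svc_key_id_is_null`, so a failed destroy would leave the opaque EC J-PAKE password key in the key store without any diagnostic. Since the comment above makes the application responsible for destroying the key, the cleanup should capture the result, e.g. `status = psa_destroy_key( ecjpake_pw_slot );`, and report when `status != PSA_SUCCESS`. This assumes `status` is still in scope at this point, which the hunk suggests but does not show. The page does not mark old and new sides, so this also assumes the call guarded by the null-id check is the new code. The enclosing function begins before the hunk, at a point above the `exit:` label.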