From 52f7e18042babe6e121d01323b8c2608a3b287e5 Mon Sep 17 00:00:00 2001
From: Tom Cosgrove <tom.cosgrove@arm.com>
Date: Tue, 1 Aug 2023 09:08:48 +0100
Subject: [PATCH] Use mbedtls_zeroize_and_free() in
 psa_remove_key_data_from_memory()

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
---
 library/psa_crypto.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index df7057b0fe..f6ad775ad6 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1088,13 +1088,10 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy(
 
 psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot)
 {
-    /* Data pointer will always be either a valid pointer or NULL in an
-     * initialized slot, so we can just free it. */
     if (slot->key.data != NULL) {
-        mbedtls_platform_zeroize(slot->key.data, slot->key.bytes);
+        mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes);
     }
 
-    mbedtls_free(slot->key.data);
     slot->key.data = NULL;
     slot->key.bytes = 0;