lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

Add ecdh_psa_shared_key flag to protect PSA privkey if imported

Browse Source 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong
2022-03-23 10:57:04 +01:00
parent 5cd5f76d67
commit 8113d25d1e
3 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
library/ssl_tls12_server.c
View File

@ -3946,18 +3946,22 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_raw_key_agreement", ret );
(void) psa_destroy_key( handshake->ecdh_psa_privkey );
if( handshake->ecdh_psa_shared_key == 0 )
(void) psa_destroy_key( handshake->ecdh_psa_privkey );
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return( ret );
}
status = psa_destroy_key( handshake->ecdh_psa_privkey );
if( status != PSA_SUCCESS )
if( handshake->ecdh_psa_shared_key == 0 )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
return( ret );
status = psa_destroy_key( handshake->ecdh_psa_privkey );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
return( ret );
}
}
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
}