From d7c75707b88d3e3aca2f2fdcdcad9f76cfafff83 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 3 Dec 2018 10:36:46 +0100
Subject: [PATCH] mbedtls_psa_crypto_free: free allocated slots as well

Access the slot directly rather than going through psa_get_key_slot.
Unlike other places where key slots are accessed through
psa_get_key_slot, here, we know where all the slots are and there are
no policy or permission considerations.

This resolves a memory leak: allocated slots were not getting freed
because psa_get_key_slot rejected the attempt of accessing them
directly rather than via a handle.
---
 library/psa_crypto.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 0d809cbaa6..50c8a8962b 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4559,17 +4559,13 @@ psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
 
 void mbedtls_psa_crypto_free( void )
 {
-    psa_key_slot_t key;
-    key_slot_t *slot;
-    psa_status_t status;
     if( global_data.key_slots_initialized )
     {
+        psa_key_slot_t key;
         for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ )
         {
-            status = psa_get_key_slot( key, &slot );
-            if( status != PSA_SUCCESS )
-                continue;
-            psa_remove_key_data_from_memory( slot );
+            key_slot_t *slot = &global_data.key_slots[key - 1];
+            (void) psa_remove_key_data_from_memory( slot );
             /* Zeroize the slot to wipe metadata such as policies. */
             mbedtls_zeroize( slot, sizeof( *slot ) );
         }