psa: zeroize static key buffer content when key slot is freed Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

commit: 731013033374f7d6b00e188764828c64ff565434 [log] [tgz]
author: Valerio Setti <valerio.setti@nordicsemi.no> Fri Aug 16 12:52:19 2024 +0200
committer: Valerio Setti <valerio.setti@nordicsemi.no> Tue Oct 22 17:56:36 2024 +0200
tree: 76035ccdaa42d5851285638c2ba8d98892446fa8
parent: 2b9d180f8e548ed577b9faa5596e2a7fa302f64f [diff]
diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c
index b2e33fc..0bd5820 100644
--- a/tf-psa-crypto/core/psa_crypto.c
+++ b/tf-psa-crypto/core/psa_crypto.c

@@ -1183,7 +1183,11 @@
 
 psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot)
 {
-#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+    if (slot->key.bytes > 0) {
+        mbedtls_platform_zeroize(slot->key.data, MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE);
+    }
+#else
     if (slot->key.data != NULL) {
         mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes);
     }
commit	731013033374f7d6b00e188764828c64ff565434	[log] [tgz]
author	Valerio Setti <valerio.setti@nordicsemi.no>	Fri Aug 16 12:52:19 2024 +0200
committer	Valerio Setti <valerio.setti@nordicsemi.no>	Tue Oct 22 17:56:36 2024 +0200
tree	76035ccdaa42d5851285638c2ba8d98892446fa8
parent	2b9d180f8e548ed577b9faa5596e2a7fa302f64f [diff]