psa: free RNG implementation before checking for remaining open key slots
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index 04b90b9..f4c49fb 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -34,6 +34,7 @@
#define PSA_DONE() \
do \
{ \
+ mbedtls_psa_random_free(); \
mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \
mbedtls_test_psa_purge_key_storage(); \
mbedtls_psa_crypto_free(); \
@@ -125,17 +126,21 @@
/** Shut down the PSA Crypto subsystem, allowing persistent keys to survive.
* Expect a clean shutdown, with no slots in use.
+ * mbedtls_psa_random_free() is called before any check for remaining open
+ * keys because when AES_C is not defined, CTR_DRBG relies on PSA to perform
+ * AES-ECB so it holds an open AES key for that since psa_crypto_init().
*
* If some key slots are still in use, record the test case as failed and
* jump to the `exit` label.
*/
#define PSA_SESSION_DONE() \
- do \
- { \
+ do \
+ { \
+ mbedtls_psa_random_free(); \
mbedtls_test_psa_purge_key_cache(); \
ASSERT_PSA_PRISTINE(); \
mbedtls_psa_crypto_free(); \
- } \
+ } \
while (0)