test: pake: modify opaque key verification before destruction
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 13ffa3d..02fbbd3 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -3333,10 +3333,16 @@
* In case opaque keys it's the user responsibility to keep the key valid
* for the duration of the handshake and destroy it at the end
*/
- if( ( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE ) &&
- ( ! mbedtls_svc_key_id_is_null( ecjpake_pw_slot ) ) )
+ if( ( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE ) )
{
- psa_destroy_key( ecjpake_pw_slot );
+ psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ /* Verify that the key is still valid before destroying it */
+ if( psa_get_key_attributes( ecjpake_pw_slot, &check_attributes ) ==
+ PSA_SUCCESS )
+ {
+ psa_destroy_key( ecjpake_pw_slot );
+ }
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 4b195c4..d8c20c2 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -4443,10 +4443,16 @@
* In case opaque keys it's the user responsibility to keep the key valid
* for the duration of the handshake and destroy it at the end
*/
- if( ( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE ) &&
- ( ! mbedtls_svc_key_id_is_null( ecjpake_pw_slot ) ) )
+ if( ( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE ) )
{
- psa_destroy_key( ecjpake_pw_slot );
+ psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ /* Verify that the key is still valid before destroying it */
+ if( psa_get_key_attributes( ecjpake_pw_slot, &check_attributes ) ==
+ PSA_SUCCESS )
+ {
+ psa_destroy_key( ecjpake_pw_slot );
+ }
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */