test: pake: modify opaque key verification before destruction
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 4b195c4..d8c20c2 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -4443,10 +4443,16 @@
* In case opaque keys it's the user responsibility to keep the key valid
* for the duration of the handshake and destroy it at the end
*/
- if( ( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE ) &&
- ( ! mbedtls_svc_key_id_is_null( ecjpake_pw_slot ) ) )
+ if( ( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE ) )
{
- psa_destroy_key( ecjpake_pw_slot );
+ psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ /* Verify that the key is still valid before destroying it */
+ if( psa_get_key_attributes( ecjpake_pw_slot, &check_attributes ) ==
+ PSA_SUCCESS )
+ {
+ psa_destroy_key( ecjpake_pw_slot );
+ }
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
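Review bot: `check_attributes` is filled by `psa_get_key_attributes()` but never released; the PSA Crypto API asks callers to reset an attribute structure after a get, so `psa_reset_key_attributes( &check_attributes );` should follow the inner `if`, before the outer block closes. The new check also treats every non-success status alike, so an error other than an invalid key handle would skip `psa_destroy_key()` without any message and could leave the EC J-PAKE password key in the key store. The return value of `psa_destroy_key()` is still discarded as well; printing both statuses on failure would make a leftover key visible in the test output. The enclosing function starts and ends outside this hunk, so any later cleanup is not visible here.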