Add ecdh_psa_shared_key flag to protect PSA privkey if imported Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>

commit: 8113d25d1e7ec74aa795d22e16c2718a36a1e2a8 [log] [tgz]
author: Neil Armstrong <narmstrong@baylibre.com> Wed Mar 23 10:57:04 2022 +0100
committer: Neil Armstrong <narmstrong@baylibre.com> Thu Mar 31 15:24:17 2022 +0200
tree: cd4d93cb589071773d2ca918a1ec647071cb8cc8
parent: 5cd5f76d679ba5289cb3f28f74d6a41fa69d05bf [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 86445de..cc7d7e1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -3146,7 +3146,8 @@
 
 #if defined(MBEDTLS_ECDH_C) && \
     ( defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
-    psa_destroy_key( handshake->ecdh_psa_privkey );
+    if( handshake->ecdh_psa_shared_key == 0 )
+        psa_destroy_key( handshake->ecdh_psa_privkey );
 #endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
commit	8113d25d1e7ec74aa795d22e16c2718a36a1e2a8	[log] [tgz]
author	Neil Armstrong <narmstrong@baylibre.com>	Wed Mar 23 10:57:04 2022 +0100
committer	Neil Armstrong <narmstrong@baylibre.com>	Thu Mar 31 15:24:17 2022 +0200
tree	cd4d93cb589071773d2ca918a1ec647071cb8cc8
parent	5cd5f76d679ba5289cb3f28f74d6a41fa69d05bf [diff] [blame]