test: pake: check psa key validity before destroying it
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index f7b66ae..54e9861 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -3331,7 +3331,16 @@
defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE )
{
- psa_destroy_key( ecjpake_pw_slot );
+ psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+
+ /* Ensure the key is still valid before destroying it */
+ status = psa_get_key_attributes( ecjpake_pw_slot, &key_attr );
+ if( status == PSA_SUCCESS &&
+ PSA_ALG_IS_PAKE( psa_get_key_algorithm( &key_attr ) ) )
+ {
+ psa_destroy_key( ecjpake_pw_slot );
+ }
+ psa_reset_key_attributes( &key_attr );
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
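Review bot: The result of `psa_destroy_key( ecjpake_pw_slot )` is discarded, and any `psa_get_key_attributes()` failure other than "the key no longer exists" skips the destroy silently, so the EC J-PAKE password key can be left in the key store with no diagnostic. I would keep the result with `status = psa_destroy_key( ecjpake_pw_slot );` and print a message when `status != PSA_SUCCESS`, treating only `PSA_ERROR_INVALID_HANDLE` from the lookup as the expected "already gone" case. The comment `/* Ensure the key is still valid before destroying it */` should also say why the key may already be gone and why the `PSA_ALG_IS_PAKE` test is there; presumably it guards against the identifier now naming an unrelated key, but that is not visible here. The same applies to the identical hunk in programs/ssl/ssl_server2.c. The enclosing function starts and ends outside both hunks, so it is not visible whether the overwritten `status` is read again on the exit path.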
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 3b5ca73..004616f 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -4441,7 +4441,16 @@
defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE )
{
- psa_destroy_key( ecjpake_pw_slot );
+ psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+
+ /* Ensure the key is still valid before destroying it */
+ status = psa_get_key_attributes( ecjpake_pw_slot, &key_attr );
+ if( status == PSA_SUCCESS &&
+ PSA_ALG_IS_PAKE( psa_get_key_algorithm( &key_attr ) ) )
+ {
+ psa_destroy_key( ecjpake_pw_slot );
+ }
+ psa_reset_key_attributes( &key_attr );
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */