ssl_tls.c: Fix PSA ECDH private key destruction In TLS 1.3, a PSA ECDH private key may be created even if MBEDTLS_SSL_USA_PSA_CRYPTO is disabled. We must destroy this key if still referenced by an handshake context when we free such context. Signed-off-by: Ronald Cron <ronald.cron@arm.com>

commit: f12b81d387f78368dc081d453a61fab445644825 [log] [tgz]
author: Ronald Cron <ronald.cron@arm.com> Tue Mar 15 10:42:41 2022 +0100
committer: Ronald Cron <ronald.cron@arm.com> Tue Mar 29 14:42:17 2022 +0200
tree: b67b6f1d5019e4b0312ed3c78261bb37476020a7
parent: 5b98ac9c64316e07befb197b923c1ac7f8c04255 [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3cd6f27..9105830 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -3111,8 +3111,8 @@
     mbedtls_ssl_buffering_free( ssl );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-#if defined(MBEDTLS_ECDH_C) &&                  \
-    defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_ECDH_C) && \
+    ( defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
     psa_destroy_key( handshake->ecdh_psa_privkey );
 #endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */
commit	f12b81d387f78368dc081d453a61fab445644825	[log] [tgz]
author	Ronald Cron <ronald.cron@arm.com>	Tue Mar 15 10:42:41 2022 +0100
committer	Ronald Cron <ronald.cron@arm.com>	Tue Mar 29 14:42:17 2022 +0200
tree	b67b6f1d5019e4b0312ed3c78261bb37476020a7
parent	5b98ac9c64316e07befb197b923c1ac7f8c04255 [diff] [blame]