From 52fe517a77090aa3cf361285eb30053c0664871d Mon Sep 17 00:00:00 2001
From: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
Date: Wed, 24 May 2023 12:28:46 +0530
Subject: [PATCH] Change pbkdf2 password to array

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
---
 include/psa/crypto_builtin_key_derivation.h | 2 +-
 library/psa_crypto.c                        | 5 -----
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h
index 5d01f6c58..245f26a15 100644
--- a/include/psa/crypto_builtin_key_derivation.h
+++ b/include/psa/crypto_builtin_key_derivation.h
@@ -119,7 +119,7 @@ typedef struct {
     size_t MBEDTLS_PRIVATE(input_cost);
     uint8_t *MBEDTLS_PRIVATE(salt);
     size_t MBEDTLS_PRIVATE(salt_length);
-    uint8_t *MBEDTLS_PRIVATE(password);
+    uint8_t MBEDTLS_PRIVATE(password)[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
     size_t MBEDTLS_PRIVATE(password_length);
 } psa_pbkdf2_key_derivation_t;
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index af4ab6515..461592005 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5101,11 +5101,6 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
                                      operation->ctx.pbkdf2.salt_length);
             mbedtls_free(operation->ctx.pbkdf2.salt);
         }
-        if (operation->ctx.pbkdf2.password != NULL) {
-            mbedtls_platform_zeroize(operation->ctx.pbkdf2.password,
-                                     operation->ctx.pbkdf2.password_length);
-            mbedtls_free(operation->ctx.pbkdf2.password);
-        }
 
         status = PSA_SUCCESS;
     } else