Destroy PSA-based temporary opaque PSK key at the end of ssl_client2
parent
39eb4274bb
commit
923cd655e0
1 changed files with 20 additions and 0 deletions
|
@ -2230,6 +2230,26 @@ exit:
|
||||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||||
mbedtls_entropy_free( &entropy );
|
mbedtls_entropy_free( &entropy );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) && \
|
||||||
|
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
if( opt.psk_slot != 0 )
|
||||||
|
{
|
||||||
|
/* This is ok even if the slot hasn't been
|
||||||
|
* initialized (we might have jumed here
|
||||||
|
* immediately because of bad cmd line params,
|
||||||
|
* for example). */
|
||||||
|
status = psa_destroy_key( opt.psk_slot );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "Failed to destroy key slot %u - error was %d",
|
||||||
|
(unsigned) opt.psk_slot, (int) status );
|
||||||
|
if( ret == 0 )
|
||||||
|
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED &&
|
||||||
|
MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#if defined(_WIN32)
|
#if defined(_WIN32)
|
||||||
mbedtls_printf( " + Press Enter to exit this program.\n" );
|
mbedtls_printf( " + Press Enter to exit this program.\n" );
|
||||||
fflush( stdout ); getchar();
|
fflush( stdout ); getchar();
|
||||||
|
|
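Review bot: The failure message in the new `mbedtls_printf` call has no trailing newline, so a key-destruction error would run into whatever is printed next; it should read `mbedtls_printf( "Failed to destroy key slot %u - error was %d\n",`. The comment above `psa_destroy_key( opt.psk_slot )` says the call is fine on an uninitialized slot, but the branch below treats every non-`PSA_SUCCESS` status as a failure. The comment should therefore state what it relies on, for example `/* psa_destroy_key() is expected to return PSA_SUCCESS on an empty slot, so this is safe even if we jumped here before the key was imported. */`, which also fixes the "jumed" typo. `MBEDTLS_ERR_SSL_HW_ACCEL_FAILED` reports leftover PSK material in the key store as a hardware-accelerator fault, which may mislead anyone triaging the exit code; a short comment saying it is a stand-in would help. The cleanup sits after the `exit:` label of a function whose start and earlier teardown calls are outside this hunk, so I could not check that the SSL configuration referencing the opaque PSK is freed before the key is destroyed.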