Destroy PSA-based temporary opaque PSKs at the end of ssl_server2
This commit is contained in:
parent
3f24ea976d
commit
c43b6ea847
1 changed files with 35 additions and 2 deletions
|
@ -815,16 +815,30 @@ struct _psk_entry
|
||||||
/*
|
/*
|
||||||
* Free a list of psk_entry's
|
* Free a list of psk_entry's
|
||||||
*/
|
*/
|
||||||
void psk_free( psk_entry *head )
|
int psk_free( psk_entry *head )
|
||||||
{
|
{
|
||||||
psk_entry *next;
|
psk_entry *next;
|
||||||
|
|
||||||
while( head != NULL )
|
while( head != NULL )
|
||||||
{
|
{
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
psa_status_t status;
|
||||||
|
psa_key_slot_t const slot = head->slot;
|
||||||
|
|
||||||
|
if( slot != 0 )
|
||||||
|
{
|
||||||
|
status = psa_destroy_key( slot );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
return( status );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
next = head->next;
|
next = head->next;
|
||||||
mbedtls_free( head );
|
mbedtls_free( head );
|
||||||
head = next;
|
head = next;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -3332,12 +3346,31 @@ exit:
|
||||||
sni_free( sni_info );
|
sni_free( sni_info );
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||||
psk_free( psk_info );
|
if( ( ret = psk_free( psk_info ) ) != 0 )
|
||||||
|
mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret );
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
|
||||||
mbedtls_dhm_free( &dhm );
|
mbedtls_dhm_free( &dhm );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) && \
|
||||||
|
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
if( opt.psk_slot != 0 )
|
||||||
|
{
|
||||||
|
/* This is ok even if the slot hasn't been
|
||||||
|
* initialized (we might have jumed here
|
||||||
|
* immediately because of bad cmd line params,
|
||||||
|
* for example). */
|
||||||
|
status = psa_destroy_key( opt.psk_slot );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "Failed to destroy key slot %u - error was %d",
|
||||||
|
(unsigned) opt.psk_slot, (int) status );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED &&
|
||||||
|
MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
mbedtls_ssl_free( &ssl );
|
mbedtls_ssl_free( &ssl );
|
||||||
mbedtls_ssl_config_free( &conf );
|
mbedtls_ssl_config_free( &conf );
|
||||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||||
|
|
Loading…
Reference in a new issue