From d5fa0bfb859fe2410bbafa9714bc01ac8f4ddd21 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 7 Dec 2022 15:27:08 +0100
Subject: [PATCH] test: pake: check psa key validity before destroying it

Signed-off-by: Valerio Setti
---
 programs/ssl/ssl_client2.c | 11 ++++++++++-
 programs/ssl/ssl_server2.c | 11 ++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index f7b66aeac..54e9861cc 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -3331,7 +3331,16 @@ exit:
 defined(MBEDTLS_USE_PSA_CRYPTO)
 if( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE )
 {
- psa_destroy_key( ecjpake_pw_slot );
+ psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+
+ /* Ensure the key is still valid before destroying it */
+ status = psa_get_key_attributes( ecjpake_pw_slot, &key_attr );
+ if( status == PSA_SUCCESS &&
+ PSA_ALG_IS_PAKE( psa_get_key_algorithm( &key_attr ) ) )
+ {
+ psa_destroy_key( ecjpake_pw_slot );
+ }
+ psa_reset_key_attributes( &key_attr );
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 3b5ca73ca..004616fd1 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -4441,7 +4441,16 @@ exit:
 defined(MBEDTLS_USE_PSA_CRYPTO)
 if( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE )
 {
- psa_destroy_key( ecjpake_pw_slot );
+ psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+
+ /* Ensure the key is still valid before destroying it */
+ status = psa_get_key_attributes( ecjpake_pw_slot, &key_attr );
+ if( status == PSA_SUCCESS &&
+ PSA_ALG_IS_PAKE( psa_get_key_algorithm( &key_attr ) ) )
+ {
+ psa_destroy_key( ecjpake_pw_slot );
+ }
+ psa_reset_key_attributes( &key_attr );
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
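Review bot: In the `exit:` cleanup of ssl_client2.c (and identically in the ssl_server2.c hunk), the new guard skips `psa_destroy_key( ecjpake_pw_slot )` on every `psa_get_key_attributes()` failure, not only when the key is already gone, so an unexpected error would leave the EC J-PAKE password key in the key store with no diagnostic, and the return value of `psa_destroy_key()` is still discarded. Treat only the "already destroyed" status as benign and report anything else, e.g. `else if( status != PSA_ERROR_INVALID_HANDLE ) mbedtls_printf( " ! psa_get_key_attributes returned %d\n", (int) status );`. The comment would be more useful if it said why the key can be invalid here, for example `/* The key may already have been destroyed by the time we get here; only destroy it if the ID still refers to a PAKE key */` — the path that invalidates it is not visible in this patch, so the wording should be confirmed. The check also overwrites `status`, which is declared outside the hunk; if its earlier value is read after this point in the enclosing function, that value is lost, and a local variable would avoid the question.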