mbedtls_psa_crypto_free: free allocated slots as well

Access the slot directly rather than going through psa_get_key_slot.
Unlike other places where key slots are accessed through
psa_get_key_slot, here, we know where all the slots are and there are
no policy or permission considerations.

This resolves a memory leak: allocated slots were not getting freed
because psa_get_key_slot rejected the attempt of accessing them
directly rather than via a handle.

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 0d809cb..50c8a89 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4559,17 +4559,13 @@
void mbedtls_psa_crypto_free( void )
{
- psa_key_slot_t key;
- key_slot_t *slot;
- psa_status_t status;
if( global_data.key_slots_initialized )
{
+ psa_key_slot_t key;
for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ )
{
- status = psa_get_key_slot( key, &slot );
- if( status != PSA_SUCCESS )
- continue;
- psa_remove_key_data_from_memory( slot );
+ key_slot_t *slot = &global_data.key_slots[key - 1];
+ (void) psa_remove_key_data_from_memory( slot );
/* Zeroize the slot to wipe metadata such as policies. */
mbedtls_zeroize( slot, sizeof( *slot ) );
}
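
Review bot: In the loop body, the `(void)` cast on `psa_remove_key_data_from_memory( slot )` discards its status immediately before `mbedtls_zeroize( slot, sizeof( *slot ) )` wipes the slot, so if removal fails for a slot, whatever the slot still referenced is erased from the metadata with no trace of the failure. Add a short comment stating why the status can safely be ignored during teardown, or record the failure somewhere a test or debug build can see it. Separately, `&global_data.key_slots[key - 1]` with `key` running from 1 to `PSA_KEY_SLOT_COUNT` relies on the array holding at least `PSA_KEY_SLOT_COUNT` entries; the declaration is not visible in this hunk, so consider a 0-based loop bounded by the array's own element count, or a compile-time check that ties the two together.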