PSA Crypto: Don't skip key data removal when SE driver is not in use
Closing a wrapped key with the new SE driver interface while
MBEDTLS_PSA_CRYPTO_SE_C is also enabled leads to the key material not
being freed, even though an old SE driver is not in use, leading to a
memory leak. This is because a wrapped key is also considered external.
This commit extends the check for skipping by checking whether an
old-style SE driver is registered with the provided slot, in addition to
checking whether the key is external.
Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
diff --git a/ChangeLog.d/psa_close_key_memory_leak_fix.txt b/ChangeLog.d/psa_close_key_memory_leak_fix.txt
new file mode 100644
index 0000000..91ce174
--- /dev/null
+++ b/ChangeLog.d/psa_close_key_memory_leak_fix.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix memory leak that occured when calling psa_close_key() on a
+ wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 931e2e9..4efebbb 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1197,7 +1197,8 @@
static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
{
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- if( psa_key_slot_is_external( slot ) )
+ if( psa_get_se_driver( slot->attr.lifetime, NULL, NULL ) &&
+ psa_key_slot_is_external( slot ) )
{
/* No key material to clean. */
}