Set ecdh_psa_privkey_is_external to 1 right after setting ecdh_psa_privkey in ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index e1e4b8a..514d81e 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2883,19 +2883,22 @@
ssl->handshake->ecdh_psa_privkey =
*( (mbedtls_svc_key_id_t*) pk->pk_ctx );
+ /* Key should not be destroyed in the TLS library */
+ ssl->handshake->ecdh_psa_privkey_is_external = 1;
+
status = psa_get_key_attributes( ssl->handshake->ecdh_psa_privkey,
&key_attributes );
if( status != PSA_SUCCESS)
+ {
+ ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return( psa_ssl_status_to_mbedtls( status ) );
+ }
ssl->handshake->ecdh_psa_type = psa_get_key_type( &key_attributes );
ssl->handshake->ecdh_bits = psa_get_key_bits( &key_attributes );
psa_reset_key_attributes( &key_attributes );
- /* Key should not be destroyed in the TLS library */
- ssl->handshake->ecdh_psa_privkey_is_external = 1;
-
ret = 0;
break;
case MBEDTLS_PK_ECKEY:
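Review bot: On the new failure branch after `psa_get_key_attributes()`, `ecdh_psa_privkey` is reset to `MBEDTLS_SVC_KEY_ID_INIT` but `ecdh_psa_privkey_is_external` stays at 1, so the two fields no longer describe the same key. If a later path ever stores a library-created key in this handshake structure without clearing the flag, cleanup would presumably skip destroying it; resetting the flag in the same branch with `ssl->handshake->ecdh_psa_privkey_is_external = 0;` keeps the pair consistent. The moved comment could also say why the ordering matters, for example `/* Application-owned key: mark it external before any early return so handshake cleanup never destroys it */`. The enclosing switch and function begin and end outside this hunk, so the cleanup behaviour is inferred from the field name and comment rather than visible here.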