commit eb3f788b032a514875320db819b67625cd9fedb8
author Valerio Setti <vsetti@baylibre.com> Thu Dec 08 18:42:58 2022 +0100
committer Valerio Setti <vsetti@baylibre.com> Thu Dec 08 18:42:58 2022 +0100
tree ab95b6c11f8bdae4ca2f08c99f9ba8c1c4706e46
parent 2a3ffb4203b952a7de3512db311e45e6d4e332f3

tls: pake: do not destroy password key in TLS

Signed-off-by: Valerio Setti <vsetti@baylibre.com>

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 57cfe42..259d088 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1934,7 +1934,6 @@
 
     if( mbedtls_svc_key_id_is_null( pwd ) )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    ssl->handshake->psa_pake_password = pwd;
 
     psa_pake_cs_set_algorithm( &cipher_suite, PSA_ALG_JPAKE );
     psa_pake_cs_set_primitive( &cipher_suite,
@@ -1956,8 +1955,7 @@
     if( status != PSA_SUCCESS )
         goto error;
 
-    status = psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx,
-                                ssl->handshake->psa_pake_password );
+    status = psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx, pwd );
     if( status != PSA_SUCCESS )
         goto error;
 
@@ -4037,7 +4035,15 @@
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_pake_abort( &handshake->psa_pake_ctx );
-    psa_destroy_key( handshake->psa_pake_password );
+    /*
+     * Opaque keys are not stored in the handshake's data and it's the user
+     * responsibility to destroy them. Clear ones, instead, are created by
+     * the TLS library and should be destroyed at the same level
+     */
+    if( ! mbedtls_svc_key_id_is_null( handshake->psa_pake_password ) )
+    {
+        psa_destroy_key( handshake->psa_pake_password );
+    }
     handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT;
 #else
     mbedtls_ecjpake_free( &handshake->ecjpake_ctx );