tls: pake: do not destroy password key in TLS

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 004616f..4b195c4 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -4439,18 +4439,14 @@
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
     defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE )
+    /*
+     * In case opaque keys it's the user responsibility to keep the key valid
+     * for the duration of the handshake and destroy it at the end
+     */
+    if( ( opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE ) &&
+        ( ! mbedtls_svc_key_id_is_null( ecjpake_pw_slot ) ) )
     {
-        psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
-
-        /* Ensure the key is still valid before destroying it */
-        status = psa_get_key_attributes( ecjpake_pw_slot, &key_attr );
-        if( status == PSA_SUCCESS &&
-            PSA_ALG_IS_PAKE( psa_get_key_algorithm( &key_attr ) ) )
-        {
-            psa_destroy_key( ecjpake_pw_slot );
-        }
-        psa_reset_key_attributes( &key_attr );
+        psa_destroy_key( ecjpake_pw_slot );
     }
 #endif  /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */