From 462aa575a46050db83bd71ad1a1c313afb418104 Mon Sep 17 00:00:00 2001
From: Fredrik Strupe
Date: Thu, 17 Dec 2020 10:44:38 +0100
Subject: [PATCH] PSA Crypto: Don't skip key data removal when SE driver is not in use
Closing a wrapped key with the new SE driver interface while MBEDTLS_PSA_CRYPTO_SE_C is also enabled leads to the key material not being freed, even though an old SE driver is not in use, leading to a memory leak. This is because a wrapped key is also considered external. This commit extends the check for skipping by checking whether an old-style SE driver is registered with the provided slot, in addition to checking whether the key is external.
Signed-off-by: Fredrik Strupe
---
 ChangeLog.d/psa_close_key_memory_leak_fix.txt | 3 +++
 library/psa_crypto.c | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 ChangeLog.d/psa_close_key_memory_leak_fix.txt
diff --git a/ChangeLog.d/psa_close_key_memory_leak_fix.txt b/ChangeLog.d/psa_close_key_memory_leak_fix.txt
new file mode 100644
index 000000000..91ce17411
--- /dev/null
+++ b/ChangeLog.d/psa_close_key_memory_leak_fix.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix memory leak that occured when calling psa_close_key() on a
+ wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 931e2e915..4efebbb5e 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1197,7 +1197,8 @@ static psa_status_t psa_get_transparent_key( psa_key_handle_t handle,
 static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
 {
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- if( psa_key_slot_is_external( slot ) )
+ if( psa_get_se_driver( slot->attr.lifetime, NULL, NULL ) &&
+ psa_key_slot_is_external( slot ) )
 {
 /* No key material to clean. */
 }
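Review bot: The skip condition in psa_remove_key_data_from_memory() now rests on two facts, but the comment left inside the branch (`/* No key material to clean. */`) explains neither, so a reader cannot tell why an external key without a registered old-style driver must fall through to the cleanup path. I would replace it with `/* Key is held by a registered old-style SE driver: the slot has no key material to clean. */`. The branch also infers what the slot contains from a driver lookup made at removal time rather than from state recorded in the slot; that is only sound if the lookup for `slot->attr.lifetime` gives the same answer when the key is created and when it is removed, which this hunk does not show and is worth confirming. The diffstat lists no test change, so a regression test that closes a wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined would pin the fix. The rest of the function, including the cleanup path, lies outside the hunk.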