mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 10:55:27 +00:00
Fix psa_destroy_key called after mbedtls_psa_crypto_free
Move the call to destroy the PSK to before freeing the SSL session data and calling rng_free(), which deinitializes the PSA subsystem. This particular ordering was chosen to make the ssl_client2 more similar to ssl_server2. This fixes the client failing on the psa_destroy_key() call in `ssl-opt.sh -f 'opaque psk on client'`. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
34babfc5b2
commit
b8c484088c
|
@ -3002,19 +3002,6 @@ exit:
|
|||
#endif
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
mbedtls_ssl_session_free( &saved_session );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
rng_free( &rng );
|
||||
if( session_data != NULL )
|
||||
mbedtls_platform_zeroize( session_data, session_data_len );
|
||||
mbedtls_free( session_data );
|
||||
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
||||
if( context_buf != NULL )
|
||||
mbedtls_platform_zeroize( context_buf, context_buf_len );
|
||||
mbedtls_free( context_buf );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
|
||||
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if( opt.psk_opaque != 0 )
|
||||
|
@ -3036,6 +3023,19 @@ exit:
|
|||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
|
||||
MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
mbedtls_ssl_session_free( &saved_session );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
rng_free( &rng );
|
||||
if( session_data != NULL )
|
||||
mbedtls_platform_zeroize( session_data, session_data_len );
|
||||
mbedtls_free( session_data );
|
||||
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
||||
if( context_buf != NULL )
|
||||
mbedtls_platform_zeroize( context_buf, context_buf_len );
|
||||
mbedtls_free( context_buf );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
#if defined(MBEDTLS_MEMORY_DEBUG)
|
||||
mbedtls_memory_buffer_alloc_status();
|
||||
|
|
Loading…
Reference in a new issue