Fix psa_destroy_key called after mbedtls_psa_crypto_free

Move the call to destroy the PSK to before freeing the SSL session
data and calling rng_free(), which deinitializes the PSA subsystem.
This particular ordering was chosen to make the ssl_client2 more
similar to ssl_server2. This fixes the client failing on the
psa_destroy_key() call in `ssl-opt.sh -f 'opaque psk on client'`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-02-08 20:28:22 +01:00
parent 34babfc5b2
commit b8c484088c

View file

@ -3002,19 +3002,6 @@ exit:
#endif
#endif /* MBEDTLS_X509_CRT_PARSE_C */
mbedtls_ssl_session_free( &saved_session );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
rng_free( &rng );
if( session_data != NULL )
mbedtls_platform_zeroize( session_data, session_data_len );
mbedtls_free( session_data );
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
if( context_buf != NULL )
mbedtls_platform_zeroize( context_buf, context_buf_len );
mbedtls_free( context_buf );
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.psk_opaque != 0 )
@ -3036,6 +3023,19 @@ exit:
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
MBEDTLS_USE_PSA_CRYPTO */
mbedtls_ssl_session_free( &saved_session );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
rng_free( &rng );
if( session_data != NULL )
mbedtls_platform_zeroize( session_data, session_data_len );
mbedtls_free( session_data );
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
if( context_buf != NULL )
mbedtls_platform_zeroize( context_buf, context_buf_len );
mbedtls_free( context_buf );
#endif
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_memory_buffer_alloc_status();