diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 3cad338b3..251489b8b 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -3032,6 +3032,23 @@ exit: #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + const char* message = mbedtls_test_helper_is_psa_leaking(); + if( message ) + { + if( ret == 0 ) + ret = 1; + mbedtls_printf( "PSA memory leak detected: %s\n", message); + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto + * resources are freed by rng_free(). */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) + mbedtls_psa_crypto_free( ); +#endif + mbedtls_ssl_session_free( &saved_session ); mbedtls_ssl_free( &ssl ); mbedtls_ssl_config_free( &conf ); @@ -3045,18 +3062,6 @@ exit: mbedtls_free( context_buf ); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) - - mbedtls_psa_crypto_free( ); - const char* message = mbedtls_test_helper_is_psa_leaking(); - if( message ) - { - if( ret == 0 ) - ret = 1; - mbedtls_printf( "PSA memory leak detected: %s\n", message); - } -#endif - #if defined(MBEDTLS_TEST_HOOKS) if( test_hooks_failure_detected( ) ) { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index e62a61051..0787250d7 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3985,10 +3985,6 @@ exit: #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_ssl_free( &ssl ); - mbedtls_ssl_config_free( &conf ); - rng_free( &rng ); - #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free( &cache ); #endif @@ -3999,16 +3995,7 @@ exit: mbedtls_ssl_cookie_free( &cookie_ctx ); #endif - mbedtls_free( buf ); - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if( context_buf != NULL ) - mbedtls_platform_zeroize( context_buf, context_buf_len ); - mbedtls_free( context_buf ); -#endif - #if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free( ); const char* message = mbedtls_test_helper_is_psa_leaking(); if( message ) { @@ -4018,6 +4005,25 @@ exit: } #endif + /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto + * resources are freed by rng_free(). */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) + mbedtls_psa_crypto_free( ); +#endif + + mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); + rng_free( &rng ); + + mbedtls_free( buf ); + +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) + if( context_buf != NULL ) + mbedtls_platform_zeroize( context_buf, context_buf_len ); + mbedtls_free( context_buf ); +#endif + #if defined(MBEDTLS_TEST_HOOKS) /* Let test hooks detect errors such as resource leaks. * Don't do it in query_config mode, because some test code prints