diff --git a/ChangeLog.d/raw-agreement-destroy-missing.txt b/ChangeLog.d/raw-agreement-destroy-missing.txt new file mode 100644 index 000000000..7342b8cfa --- /dev/null +++ b/ChangeLog.d/raw-agreement-destroy-missing.txt @@ -0,0 +1,3 @@ +Bugfix + * Add missing key slot destruction calls when a raw key agreement or + a public key export fails in ssl_write_client_key_exchange. diff --git a/library/ssl_cli.c b/library/ssl_cli.c index ea85ceda3..c67450619 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3722,7 +3722,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t key_attributes; mbedtls_ssl_handshake_params *handshake = ssl->handshake; @@ -3765,13 +3766,19 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) own_pubkey, sizeof( own_pubkey ), &own_pubkey_len ); if( status != PSA_SUCCESS ) + { + psa_destroy_key( handshake->ecdh_psa_privkey ); + handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } if( mbedtls_psa_tls_psa_ec_to_ecpoint( own_pubkey, own_pubkey_len, &own_pubkey_ecpoint, &own_pubkey_ecpoint_len ) != 0 ) { + psa_destroy_key( handshake->ecdh_psa_privkey ); + handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } @@ -3791,13 +3798,12 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) ssl->handshake->premaster, sizeof( ssl->handshake->premaster ), &ssl->handshake->pmslen ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - status = psa_destroy_key( handshake->ecdh_psa_privkey ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + destruction_status = psa_destroy_key( handshake->ecdh_psa_privkey ); handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + + if( status != PSA_SUCCESS || destruction_status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } else #endif /* MBEDTLS_USE_PSA_CRYPTO &&