Destroy ecdh_psa_privkey on HRR
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
parent
169f115bf0
commit
4b3fff43a8
@ -1146,6 +1146,7 @@ int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl )
|
|||||||
size_t hash_len;
|
size_t hash_len;
|
||||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||||
uint16_t cipher_suite = ssl->session_negotiate->ciphersuite;
|
uint16_t cipher_suite = ssl->session_negotiate->ciphersuite;
|
||||||
|
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
|
||||||
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
|
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Reset SSL session for HRR" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Reset SSL session for HRR" ) );
|
||||||
@ -1199,6 +1200,19 @@ int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl )
|
|||||||
#if defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA384_C)
|
||||||
ssl->handshake->update_checksum( ssl, hash_transcript, hash_len );
|
ssl->handshake->update_checksum( ssl, hash_transcript, hash_len );
|
||||||
#endif /* MBEDTLS_SHA256_C || MBEDTLS_SHA384_C */
|
#endif /* MBEDTLS_SHA256_C || MBEDTLS_SHA384_C */
|
||||||
|
|
||||||
|
/* Destroy generated private key. */
|
||||||
|
status = psa_destroy_key( ssl->handshake->ecdh_psa_privkey );
|
||||||
|
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
{
|
||||||
|
ret = psa_ssl_status_to_mbedtls( status );
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
|
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user