From 8d5a4cbfdb1572776156e5549c2b37863a6e19bc Mon Sep 17 00:00:00 2001
From: Gabor Mezei <gabor.mezei@arm.com>
Date: Tue, 15 Feb 2022 16:23:17 +0100
Subject: [PATCH] Check return value of psa_destroy_key

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
---
 library/ssl_tls13_keys.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 513fb10ee..fbd23e4d3 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -153,6 +153,7 @@ psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t alg,
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+    psa_status_t destroy_status = PSA_ERROR_CORRUPTION_DETECTED;
     unsigned char t[PSA_MAC_MAX_SIZE];
 
     if( okm == NULL )
@@ -250,11 +251,13 @@ psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t alg,
     }
 
 cleanup:
-    psa_destroy_key( key );
-    mbedtls_platform_zeroize( t, sizeof( t ) );
-    psa_mac_abort( &operation );
+    if( status != PSA_SUCCESS )
+        psa_mac_abort( &operation );
+    destroy_status = psa_destroy_key( key );
 
-    return( status );
+    mbedtls_platform_zeroize( t, sizeof( t ) );
+
+    return( ( status == PSA_SUCCESS ) ? destroy_status : status );
 }
 
 #endif /* MBEDTLS_TEST_HOOKS */