AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

mbedtls_psa_crypto_free: free allocated slots as well

Browse Source 
Access the slot directly rather than going through psa_get_key_slot.
Unlike other places where key slots are accessed through
psa_get_key_slot, here, we know where all the slots are and there are
no policy or permission considerations.

This resolves a memory leak: allocated slots were not getting freed
because psa_get_key_slot rejected the attempt of accessing them
directly rather than via a handle.
This commit is contained in:
Gilles Peskine 2018-12-03 10:36:46 +01:00
parent 961849f6d1
commit d7c75707b8
1 changed files with 3 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
library/psa_crypto.c
View File

@ -4559,17 +4559,13 @@ psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
void mbedtls_psa_crypto_free( void )
{
psa_key_slot_t key;
key_slot_t *slot;
psa_status_t status;
if( global_data.key_slots_initialized )
{
psa_key_slot_t key;
for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ )
{
status = psa_get_key_slot( key, &slot );
if( status != PSA_SUCCESS )
continue;
psa_remove_key_data_from_memory( slot );
key_slot_t *slot = &global_data.key_slots[key - 1];
(void) psa_remove_key_data_from_memory( slot );
/* Zeroize the slot to wipe metadata such as policies. */
mbedtls_zeroize( slot, sizeof( *slot ) );
}