commit 73d783244f261213b7a87533343cb38ae76174f4
author Gilles Peskine <gilles.peskine@arm.com> Tue Jan 05 16:55:52 2021 +0100
committer GitHub <noreply@github.com> Tue Jan 05 16:55:52 2021 +0100
tree c467f5aaeda3897acf65c304de35b94a0a67070d
parent e9e0388934534ff3772078f2bf0b42ccab8c3064
parent 462aa575a46050db83bd71ad1a1c313afb418104

Merge pull request #3969 from frestr/bugfix/psa_close_key_leak

PSA Crypto: Don't skip key data removal when SE driver is not in use

ChangeLog.d/psa_close_key_memory_leak_fix.txt

diff --git a/ChangeLog.d/psa_close_key_memory_leak_fix.txt b/ChangeLog.d/psa_close_key_memory_leak_fix.txt
new file mode 100644
index 0000000..91ce174
--- /dev/null
+++ b/ChangeLog.d/psa_close_key_memory_leak_fix.txt
@@ -0,0 +1,3 @@
+Bugfix
+   * Fix memory leak that occured when calling psa_close_key() on a
+     wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined.

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 82b95dc..f7b9129 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1316,7 +1316,8 @@
 static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
 {
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    if( psa_key_slot_is_external( slot ) )
+    if( psa_get_se_driver( slot->attr.lifetime, NULL, NULL ) &&
+        psa_key_slot_is_external( slot ) )
     {
         /* No key material to clean. */
     }