Merge pull request #3973 from stroebeljc/development
Fixed seed variable concatenation pointer.
diff --git a/ChangeLog.d/programs-ssl-use-after-scope.txt b/ChangeLog.d/programs-ssl-use-after-scope.txt
new file mode 100644
index 0000000..64bea61
--- /dev/null
+++ b/ChangeLog.d/programs-ssl-use-after-scope.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix use-after-scope error in programs/ssl/ssl_client2.c and ssl_server2.c
diff --git a/ChangeLog.d/psa_close_key_memory_leak_fix.txt b/ChangeLog.d/psa_close_key_memory_leak_fix.txt
new file mode 100644
index 0000000..91ce174
--- /dev/null
+++ b/ChangeLog.d/psa_close_key_memory_leak_fix.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix memory leak that occured when calling psa_close_key() on a
+ wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 82b95dc..f7b9129 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1316,7 +1316,8 @@
static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
{
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- if( psa_key_slot_is_external( slot ) )
+ if( psa_get_se_driver( slot->attr.lifetime, NULL, NULL ) &&
+ psa_key_slot_is_external( slot ) )
{
/* No key material to clean. */
}
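Review bot: The comment `/* No key material to clean. */` no longer explains the condition above it. With the added `psa_get_se_driver( slot->attr.lifetime, NULL, NULL )` check, a slot whose lifetime is external but has no registered secure-element driver (the wrapped-key case named in the ChangeLog entry) now takes the other branch. I would expand the comment, e.g. `/* Key is held by a registered SE driver: no key material in the slot. Wrapped keys with an external lifetime keep their material in memory and are cleaned below. */`. The else branch is outside the hunk, so I am assuming it wipes the buffer as well as freeing it; that is worth confirming, since this path now handles wrapped key material. The visible diff also adds no regression test for closing a wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined.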
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index fc69061..1ddfb80 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2339,12 +2339,12 @@
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ const mbedtls_ssl_srtp_profile forced_profile[] =
+ { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
if( opt.use_srtp == 1 )
{
if( opt.force_srtp_profile != 0 )
{
- const mbedtls_ssl_srtp_profile forced_profile[] =
- { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, forced_profile );
}
else
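Review bot: The hoisted `forced_profile` declaration under `#if defined(MBEDTLS_SSL_DTLS_SRTP)` has no comment saying why it sits outside the `if`, so a later cleanup could move it back into the inner block and reintroduce the use-after-scope. The fix implies that `mbedtls_ssl_conf_dtls_srtp_protection_profiles()` keeps the pointer rather than copying the list. I would add `/* Must stay in scope for as long as conf is used: the configuration keeps a pointer to this array. */` above it, and the same above the one-line declaration in programs/ssl/ssl_server2.c. The declaration also appears to follow statements in the enclosing function, which starts outside the hunk; if the project builds with `-Wdeclaration-after-statement` it will warn, so check the build flags.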
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index ceeb224..4e11cb3 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3151,11 +3151,11 @@
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
if( opt.use_srtp == 1 )
{
if( opt.force_srtp_profile != 0 )
{
- const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile );
}
else