From e9f00445bc3e02fa4713cf6215eb7cf9e793995d Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Mon, 14 Mar 2022 09:42:32 +0100
Subject: [PATCH] Destroy ecdh_psa_privkey on failure

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 library/ssl_srv.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 23fc49d32b..a873753d89 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3181,6 +3181,8 @@ curve_matching_done:
         {
             ret = psa_ssl_status_to_mbedtls( status );
             MBEDTLS_SSL_DEBUG_RET( 1, "psa_export_public_key", ret );
+            (void) psa_destroy_key( handshake->ecdh_psa_privkey );
+            handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
             return( ret );
         }
 
@@ -3919,6 +3921,8 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
             {
                 ret = psa_ssl_status_to_mbedtls( status );
                 MBEDTLS_SSL_DEBUG_RET( 1, "psa_raw_key_agreement", ret );
+                (void) psa_destroy_key( handshake->ecdh_psa_privkey );
+                handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
                 return( ret );
             }