From fe8fc7515fe6d923d229b47f7d3ce3b47fb9e0d4 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Wed, 7 Aug 2024 20:09:08 +0200
Subject: [PATCH] PSA_DONE: account for MBEDTLS_TEST_PSA_INTERNAL_KEYS

Replace the hard-coded 1 by the proper constant now that the proper constant
exists.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 tests/src/psa_crypto_helpers.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c
index 1069eddfa1..197fd41980 100644
--- a/tests/src/psa_crypto_helpers.c
+++ b/tests/src/psa_crypto_helpers.c
@@ -74,7 +74,12 @@ const char *mbedtls_test_helper_is_psa_leaking(void)
 
     mbedtls_psa_get_stats(&stats);
 
-    if (stats.volatile_slots > 1) {
+    /* Some volatile slots may be used for internal purposes. Generally
+     * we'll have exactly MBEDTLS_TEST_PSA_INTERNAL_KEYS at this point,
+     * but in some cases we might have less, e.g. if a code path calls
+     * PSA_DONE more than once, or if there has only been a partial or
+     * failed initialization. */
+    if (stats.volatile_slots > MBEDTLS_TEST_PSA_INTERNAL_KEYS) {
         return "A volatile slot has not been closed properly.";
     }
     if (stats.persistent_slots != 0) {