From e1d01809dc97780265902b73708d8f39b8adca1f Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Tue, 14 Apr 2026 11:10:32 +0530 Subject: [PATCH] fix(mbedtls): correct inverted NULL check in esp_hmac_abort_opaque esp_hmac_abort_opaque() had an inverted guard that called mbedtls_platform_zeroize() on the context only when the context pointer was NULL, dereferencing NULL and skipping cleanup of valid contexts. Effect: * Calling the abort path with a NULL pointer crashes (NULL write) instead of being a safe no-op. * The valid (non-NULL) HMAC opaque operation context is never zeroized on abort, leaving sensitive intermediate HMAC state and key handle references in operation memory until the buffer is overwritten or freed. Fix: invert the check so zeroization runs only when the context pointer is non-NULL.
---
 .../port/psa_driver/esp_mac/psa_crypto_driver_esp_hmac_opaque.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/mbedtls/port/psa_driver/esp_mac/psa_crypto_driver_esp_hmac_opaque.c b/components/mbedtls/port/psa_driver/esp_mac/psa_crypto_driver_esp_hmac_opaque.c
index 0c54eb8689..4518bdeaf2 100644
--- a/components/mbedtls/port/psa_driver/esp_mac/psa_crypto_driver_esp_hmac_opaque.c
+++ b/components/mbedtls/port/psa_driver/esp_mac/psa_crypto_driver_esp_hmac_opaque.c
@@ -64,7 +64,7 @@ psa_status_t esp_hmac_import_key_opaque(
 
 psa_status_t esp_hmac_abort_opaque(esp_hmac_opaque_operation_t *esp_hmac_ctx)
 {
- if (!esp_hmac_ctx) {
+ if (esp_hmac_ctx != NULL) {
 mbedtls_platform_zeroize(esp_hmac_ctx, sizeof(esp_hmac_opaque_operation_t));
 }
 return PSA_SUCCESS;
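Review bot: The wipe inside the corrected guard is still sized by type name rather than by the object; `mbedtls_platform_zeroize(esp_hmac_ctx, sizeof(*esp_hmac_ctx));` keeps the length tied to what is being cleared, so a later change to the parameter type cannot silently leave part of the HMAC state behind. The diffstat shows a single file changed and no test, so a regression case that aborts a populated context and checks every byte reads zero, and that abort on NULL returns PSA_SUCCESS, would stop the guard from being inverted again unnoticed. A short comment above the guard, e.g. `/* No-op on NULL; otherwise wipe intermediate HMAC state and key references. */`, would record the contract the commit message describes. The function's closing brace lies outside the hunk.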