Skip to content

[nrf fromtree] bluetooth: host: gatt: destroy key after hash calc com… #3218

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 22, 2025
Merged

[nrf fromtree] bluetooth: host: gatt: destroy key after hash calc com… #3218

merged 1 commit into from
Aug 22, 2025

Conversation

PavelVPV
Copy link
Contributor

…pletes

To generate the GATT Database Hash characteristic, the function db_hash_setup is called. It allocates an entry for the AES key that will be used in the CMAC calculation. Next, db_hash_update is called to feed all GATT database entries into the hash. Finally, db_hash_finish produces the resulting hash.

However, the AES key entry allocated in db_hash_setup was not being destroyed after the hash generation completed. This caused a memory leak, eventually leading to the error PSA_ERROR_INSUFFICIENT_MEMORY (-134).

This commit fixes the issue by destroying the allocated AES key after the GATT Database Hash calculation is complete, by calling psa_destroy_key in db_hash_finish.

(cherry picked from commit bcdd74d)

@NordicBuilder NordicBuilder mentioned this pull request Aug 21, 2025
Merged
@PavelVPV
[nrf fromtree] bluetooth: host: gatt: destroy key after hash calc com…
45eef23 
…pletes

To generate the GATT Database Hash characteristic, the function
`db_hash_setup` is called. It allocates an entry for the AES key that will
be used in the CMAC calculation. Next, `db_hash_update` is called to feed
all GATT database entries into the hash. Finally, `db_hash_finish`
produces the resulting hash.

However, the AES key entry allocated in `db_hash_setup` was not being
destroyed after the hash generation completed. This caused a memory
leak, eventually leading to the error `PSA_ERROR_INSUFFICIENT_MEMORY`
(`-134`).

This commit fixes the issue by destroying the allocated AES key after
the GATT Database Hash calculation is complete, by calling
`psa_destroy_key` in `db_hash_finish`.

Signed-off-by: Pavel Vasilyev <[email protected]>
(cherry picked from commit bcdd74d)
@PavelVPV PavelVPV force-pushed the cherry_pick_gatt_db_hash_calc_fix branch from 52bff16 to 45eef23 Compare August 22, 2025 07:40
@PavelVPV
Copy link
Contributor Author

Rebased to see if it fixes build issues in matter sample in sdk-nrf.

@rlubos rlubos merged commit 6b0cb07 into nrfconnect:main Aug 22, 2025
19 checks passed
@github-actions github-actions bot mentioned this pull request Aug 22, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alxelax alxelax alxelax approved these changes

@KyraLengfeld KyraLengfeld KyraLengfeld approved these changes

Assignees

No one assigned

Labels

backport ncs-v3.1-branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@PavelVPV @alxelax @KyraLengfeld @rlubos