From d94289c83a758b40d39bc02084768be353a36007 Mon Sep 17 00:00:00 2001
From: lly <lly@espressif.com>
Date: Thu, 4 Feb 2021 11:13:51 +0800
Subject: [PATCH] ble_mesh: stack: Fix mbedtls aes ctx not deallocated

---
 .../mesh_core/bluedroid_host/mesh_bearer_adapt.c          | 8 ++++++++
 .../mesh_core/nimble_host/mesh_bearer_adapt.c             | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/components/bt/esp_ble_mesh/mesh_core/bluedroid_host/mesh_bearer_adapt.c b/components/bt/esp_ble_mesh/mesh_core/bluedroid_host/mesh_bearer_adapt.c
index 1cd8b74530..c4d5b893b6 100644
--- a/components/bt/esp_ble_mesh/mesh_core/bluedroid_host/mesh_bearer_adapt.c
+++ b/components/bt/esp_ble_mesh/mesh_core/bluedroid_host/mesh_bearer_adapt.c
@@ -1883,6 +1883,7 @@ int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16],
     sys_memcpy_swap(tmp, key, 16);
 
     if (mbedtls_aes_setkey_enc(&ctx, tmp, 128) != 0) {
+        mbedtls_aes_free(&ctx);
         return -EINVAL;
     }
 
@@ -1890,8 +1891,11 @@ int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16],
 
     if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT,
                               tmp, enc_data) != 0) {
+        mbedtls_aes_free(&ctx);
         return -EINVAL;
     }
+
+    mbedtls_aes_free(&ctx);
 #else /* CONFIG_MBEDTLS_HARDWARE_AES */
     struct tc_aes_key_sched_struct s = {0};
 
@@ -1926,13 +1930,17 @@ int bt_mesh_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16],
     mbedtls_aes_init(&ctx);
 
     if (mbedtls_aes_setkey_enc(&ctx, key, 128) != 0) {
+        mbedtls_aes_free(&ctx);
         return -EINVAL;
     }
 
     if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT,
                               plaintext, enc_data) != 0) {
+        mbedtls_aes_free(&ctx);
         return -EINVAL;
     }
+
+    mbedtls_aes_free(&ctx);
 #else /* CONFIG_MBEDTLS_HARDWARE_AES */
     struct tc_aes_key_sched_struct s = {0};
 
diff --git a/components/bt/esp_ble_mesh/mesh_core/nimble_host/mesh_bearer_adapt.c b/components/bt/esp_ble_mesh/mesh_core/nimble_host/mesh_bearer_adapt.c
index dcd8e001bc..a3b737bac4 100644
--- a/components/bt/esp_ble_mesh/mesh_core/nimble_host/mesh_bearer_adapt.c
+++ b/components/bt/esp_ble_mesh/mesh_core/nimble_host/mesh_bearer_adapt.c
@@ -1866,6 +1866,7 @@ int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16],
     sys_memcpy_swap(tmp, key, 16);
 
     if (mbedtls_aes_setkey_enc(&ctx, tmp, 128) != 0) {
+        mbedtls_aes_free(&ctx);
         return -EINVAL;
     }
 
@@ -1873,8 +1874,11 @@ int bt_mesh_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16],
 
     if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT,
                               tmp, enc_data) != 0) {
+        mbedtls_aes_free(&ctx);
         return -EINVAL;
     }
+
+    mbedtls_aes_free(&ctx);
 #else /* CONFIG_MBEDTLS_HARDWARE_AES */
     struct tc_aes_key_sched_struct s = {0};
 
@@ -1909,13 +1913,17 @@ int bt_mesh_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16],
     mbedtls_aes_init(&ctx);
 
     if (mbedtls_aes_setkey_enc(&ctx, key, 128) != 0) {
+        mbedtls_aes_free(&ctx);
         return -EINVAL;
     }
 
     if (mbedtls_aes_crypt_ecb(&ctx, MBEDTLS_AES_ENCRYPT,
                               plaintext, enc_data) != 0) {
+        mbedtls_aes_free(&ctx);
         return -EINVAL;
     }
+
+    mbedtls_aes_free(&ctx);
 #else /* CONFIG_MBEDTLS_HARDWARE_AES */
     struct tc_aes_key_sched_struct s = {0};