mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-29 04:20:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Make psa_reserve_free_key_slot thread safe

Browse Source 
Everything needs to be done under the mutex here, we operate directly on FULL/EMPTY
slots, and we can't let key_slots_initialized change before we operate on slots.
Refactor to use an exit label.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
This commit is contained in:
Ryan Everett 2024-01-23 19:56:32 +00:00
parent 1c0b1bffee
commit 024b395f85
1 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
library/psa_crypto_slot_management.c
View File

@ -160,9 +160,13 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id,
size_t slot_idx; size_t slot_idx;
psa_key_slot_t *selected_slot, *unused_persistent_key_slot; psa_key_slot_t *selected_slot, *unused_persistent_key_slot;
#if defined(MBEDTLS_THREADING_C)
PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock(
&mbedtls_threading_key_slot_mutex));
#endif
if (!global_data.key_slots_initialized) { if (!global_data.key_slots_initialized) {
status = PSA_ERROR_BAD_STATE; status = PSA_ERROR_BAD_STATE;
goto error; goto exit;
} }
selected_slot = unused_persistent_key_slot = NULL; selected_slot = unused_persistent_key_slot = NULL;
@ -194,7 +198,7 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id,
psa_register_read(selected_slot); psa_register_read(selected_slot);
status = psa_wipe_key_slot(selected_slot); status = psa_wipe_key_slot(selected_slot);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
goto error; goto exit;
} }
} }
@ -202,21 +206,27 @@ psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id,
status = psa_key_slot_state_transition(selected_slot, PSA_SLOT_EMPTY, status = psa_key_slot_state_transition(selected_slot, PSA_SLOT_EMPTY,
PSA_SLOT_FILLING); PSA_SLOT_FILLING);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
goto error; goto exit;
} }
*volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN +
((psa_key_id_t) (selected_slot - global_data.key_slots)); ((psa_key_id_t) (selected_slot - global_data.key_slots));
*p_slot = selected_slot; *p_slot = selected_slot;
return PSA_SUCCESS; goto exit;
} }
status = PSA_ERROR_INSUFFICIENT_MEMORY; status = PSA_ERROR_INSUFFICIENT_MEMORY;
error: exit:
*p_slot = NULL; if (status != PSA_SUCCESS) {
*volatile_key_id = 0; *p_slot = NULL;
*volatile_key_id = 0;
}
#if defined(MBEDTLS_THREADING_C)
PSA_THREADING_CHK_RET(mbedtls_mutex_unlock(
&mbedtls_threading_key_slot_mutex));
#endif
return status; return status;
} }