Update psa_wipe_all_key_slots and document non-thread safety
This function, and mbedtls_psa_crypto_free, are not thread safe, as they wipe slots regardless of state. They are not part of the PSA Crypto API, so untrusted applications cannot call these functions in a crypto service. In a service integration, mbedtls_psa_crypto_free on the client cuts the communication with the crypto service. Signed-off-by: Ryan Everett <ryan.everett@arm.com>
This commit is contained in:
parent
b0821959ae
commit
16abd59a62
@ -198,6 +198,8 @@ psa_status_t mbedtls_psa_register_se_key(
*
* This function clears all data associated with the PSA layer,
* including the whole key store.
* This function is not thread safe, it wipes every key slot regardless of
* state and reader count. It should only be called when no slot is in use.
*
* This is an Mbed TLS extension.
*/
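Review bot: The added sentence `It should only be called when no slot is in use.` reads as advice rather than a precondition, yet for a function exported as an Mbed TLS extension (`This is an Mbed TLS extension.`, two lines below) only the caller can guarantee it, so the comment should state it as a caller requirement and name the failure mode: `* The caller must ensure that no other thread is calling a PSA Crypto function or` / `* holding a key slot while this function runs; otherwise key material may be` / `* wiped while it is still in use.` The commit message also says that in a client/service integration this call cuts the client's connection to the crypto service; if that is intended user-visible behaviour it belongs in this comment, since API users never see the commit message. The function this comment documents (presumably mbedtls_psa_crypto_free, going by the commit message; the hunk header only shows the preceding mbedtls_psa_register_se_key) lies outside the hunk.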
@ -144,6 +144,9 @@ void psa_wipe_all_key_slots(void)
{
size_t slot_idx;
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex);
#endif
for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
psa_key_slot_t *slot = &global_data.key_slots[slot_idx];
slot->registered_readers = 1;
@ -151,6 +154,9 @@ void psa_wipe_all_key_slots(void)
(void) psa_wipe_key_slot(slot);
}
global_data.key_slots_initialized = 0;
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_unlock(&mbedtls_threading_key_slot_mutex);
#endif
}
psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id,
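Review bot: The status returned by the new `mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex);` is dropped silently, while the same function deliberately writes `(void) psa_wipe_key_slot(slot);` for an ignored status; if tolerating a failed lock is intentional (the function is void and cannot report it), `(void) mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex); /* best effort: wipe proceeds even if the lock fails */` makes that a visible decision rather than an apparent oversight, because on a lock failure the loop runs unlocked against any concurrent slot reservation. The lock also deserves a one-line comment explaining what it does and does not protect: it serialises this loop against other slot-table operations, but it cannot protect a thread that already holds a slot pointer, since `slot->registered_readers = 1;` overwrites whatever reader count that thread established — which is precisely why the header comment added by this commit calls the function not thread safe, and a reader seeing the mutex without that comment may assume otherwise. The lines between the two hunks (the slot-state handling before the wipe) are not shown here.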
@ -92,6 +92,8 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
psa_status_t psa_initialize_key_slots(void);
/** Delete all data from key slots in memory.
* This function is not thread safe, it wipes every key slot regardless of
* state and reader count. It should only be called when no slot is in use.
*
* This does not affect persistent storage. */
void psa_wipe_all_key_slots(void);
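Review bot: The new comment `This function is not thread safe` will look contradictory to a reader who opens the implementation and finds it taking `mbedtls_threading_key_slot_mutex` under MBEDTLS_THREADING_C (the .c hunks of this same commit), and the comment does not say what the mutex leaves uncovered. I would add the reason so nobody assumes the lock makes a concurrent call acceptable: `* The key slot mutex only guards the slot table itself; a thread that already` / `* holds a slot obtained through psa_get_and_lock_key_slot() is not protected,` / `* because every slot's reader count is overwritten before it is wiped.` Naming psa_get_and_lock_key_slot, which is visible in this hunk's header context as the normal locked access path, tells callers the concrete thing that must not be in progress. The reader-count claim comes from the `slot->registered_readers = 1;` line in the implementation hunk; if that line changes the comment should follow.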