diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e6d3851ba8..c81666818c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1071,6 +1071,10 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) return status; } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif /* Set the key slot containing the key description's state to * PENDING_DELETION. This stops new operations from registering * to read the slot. Current readers can safely continue to access @@ -1079,7 +1083,12 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) * If the key is persistent, we can now delete the copy of the key * from memory. If the key is opaque, we require the driver to * deal with the deletion. */ - slot->state = PSA_SLOT_PENDING_DELETION; + status = psa_key_slot_state_transition(slot, PSA_SLOT_FULL, + PSA_SLOT_PENDING_DELETION); + + if (status != PSA_SUCCESS) { + goto exit; + } if (PSA_KEY_LIFETIME_IS_READ_ONLY(slot->attr.lifetime)) { /* Refuse the destruction of a read-only key (which may or may not work @@ -1134,11 +1143,6 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) if (overall_status == PSA_SUCCESS) { overall_status = status; } - - /* TODO: other slots may have a copy of the same key. We should - * invalidate them. - * https://github.com/ARMmbed/mbed-crypto/issues/214 - */ } #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ @@ -1159,8 +1163,14 @@ exit: /* Unregister from reading the slot. If we are the last active reader * then this will wipe the slot. */ status = psa_unregister_read(slot); - /* Prioritize CORRUPTION_DETECTED from unregistering over - * a storage error. */ + +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif + + /* Prioritize CORRUPTION_DETECTED from unregistering or + * SERVICE_FAILURE from unlocking over a storage error. */ if (status != PSA_SUCCESS) { overall_status = status; }