mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-16 08:42:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Document security weakness in concurrent execution of psa_destroy_key

Browse Source 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
This commit is contained in:
Ryan Everett 2024-03-14 15:54:07 +00:00
parent d4d6a7a20d
commit f6f973c235
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
include/psa/crypto.h
View File

@ -527,6 +527,11 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
* If a key is currently in use in a multipart operation, then destroying the * If a key is currently in use in a multipart operation, then destroying the
* key will cause the multipart operation to fail. * key will cause the multipart operation to fail.
* *
* \warning We can only guarantee that the the key material will
* eventually be wiped from memory. With threading enabled
* and during concurrent execution, copies of the key material may
* still exist until all threads have finished using the key.
*
* \param key Identifier of the key to erase. If this is \c 0, do nothing and * \param key Identifier of the key to erase. If this is \c 0, do nothing and
* return #PSA_SUCCESS. * return #PSA_SUCCESS.
* *