From 7fee4f731895aa13a11dd353ead4ee9e9e260e9e Mon Sep 17 00:00:00 2001
From: Ryan Everett <ryan.everett@arm.com>
Date: Fri, 9 Feb 2024 14:11:27 +0000
Subject: [PATCH] Fix mutex unlock error handling in psa_destroy_key

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
---
 library/psa_crypto.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 9d7b72f87c..27ea3b84c8 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1167,17 +1167,19 @@ exit:
     /* Unregister from reading the slot. If we are the last active reader
      * then this will wipe the slot. */
     status = psa_unregister_read(slot);
+    /* Prioritize CORRUPTION_DETECTED from unregistering over
+     * a storage error. */
+    if (status != PSA_SUCCESS) {
+        overall_status = status;
+    }
 
 #if defined(MBEDTLS_THREADING_C)
+    /* Don't overwrite existing errors if the unlock fails. */
+    status = overall_status;
     PSA_THREADING_CHK_RET(mbedtls_mutex_unlock(
                               &mbedtls_threading_key_slot_mutex));
 #endif
 
-    /* Prioritize CORRUPTION_DETECTED from unregistering or
-     * SERVICE_FAILURE from unlocking over a storage error. */
-    if (status != PSA_SUCCESS) {
-        overall_status = status;
-    }
     return overall_status;
 }