lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Update psa_destroy_key, psa_purge_key and psa_close_key

Browse Source 
This does not yet implement destruction while a key is in use for psa_destroy_key;
that will be implemented in a separate pr.
(I am not sure if I am allowed to change the documentation in the include files.)

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
This commit is contained in:
Ryan Everett
2024-01-03 16:04:33 +00:00
parent 098c6659ad
commit c70ce576bd
4 changed files with 25 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
library/psa_crypto.c
View File

@ -1048,11 +1048,13 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key)
* implemented), the key should be destroyed when all accesses have
* stopped.
*/
if (slot->lock_count > 1) {
psa_unlock_key_slot(slot);
if (slot->registered_readers > 1) {
psa_unregister_read(slot);
return PSA_ERROR_GENERIC_ERROR;
}
slot->state = PSA_SLOT_PENDING_DELETION;
if (PSA_KEY_LIFETIME_IS_READ_ONLY(slot->attr.lifetime)) {
/* Refuse the destruction of a read-only key (which may or may not work
* if we attempt it, depending on whether the key is merely read-only
@ -1126,7 +1128,7 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key)
exit:
status = psa_wipe_key_slot(slot);
/* Prioritize CORRUPTION_DETECTED from wiping over a storage error */
/* Prioritize an error from wiping over a storage error */
if (status != PSA_SUCCESS) {
overall_status = status;
}