From f6f973c235dd179fa418324578e736496fe8b47f Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Thu, 14 Mar 2024 15:54:07 +0000
Subject: [PATCH] Document security weakness in concurrent execution of psa_destroy_key

Signed-off-by: Ryan Everett
---
 include/psa/crypto.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 73889e0ddc..7083bd911b 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -527,6 +527,11 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
 * If a key is currently in use in a multipart operation, then destroying the
 * key will cause the multipart operation to fail.
 *
+ * \warning We can only guarantee that the the key material will
+ * eventually be wiped from memory. With threading enabled
+ * and during concurrent execution, copies of the key material may
+ * still exist until all threads have finished using the key.
+ *
 * \param key Identifier of the key to erase. If this is \c 0, do nothing and
 * return #PSA_SUCCESS.
 *
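Review bot: The added \warning has a doubled word in its first line ("the the key material"); it should read `* \warning We can only guarantee that the key material will`. The wording also leaves open what a caller may rely on when psa_destroy_key() returns: as written, a successful return does not imply that every copy of the key material is gone while another thread is still using the key. If that is the intent, say so directly and add the caller-side remedy, for example `* Callers that need the material wiped on return must ensure no other thread is using the key.` The doc comment this hunk belongs to starts and ends outside the hunk, so the return-code documentation could not be checked against this caveat.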