mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-08-07 06:42:56 +03:00
Merge pull request #9069 from Ryan-Everett-arm/fix-get-and-lock-key-slot-threading-bug
Wipe the returned slot pointer upon failure in `psa_get_and_lock_key_slot`
This commit is contained in:
@@ -424,6 +424,8 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
|
||||
if (status != PSA_SUCCESS) {
|
||||
psa_wipe_key_slot(*p_slot);
|
||||
|
||||
/* If the key does not exist, we need to return
|
||||
* PSA_ERROR_INVALID_HANDLE. */
|
||||
if (status == PSA_ERROR_DOES_NOT_EXIST) {
|
||||
status = PSA_ERROR_INVALID_HANDLE;
|
||||
}
|
||||
@@ -440,6 +442,9 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
|
||||
status = PSA_ERROR_INVALID_HANDLE;
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
|
||||
|
||||
if (status != PSA_SUCCESS) {
|
||||
*p_slot = NULL;
|
||||
}
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
PSA_THREADING_CHK_RET(mbedtls_mutex_unlock(
|
||||
&mbedtls_threading_key_slot_mutex));
|
||||
|
@@ -58,6 +58,9 @@ static inline int psa_key_id_is_volatile(psa_key_id_t key_id)
|
||||
* It is the responsibility of the caller to call psa_unregister_read(slot)
|
||||
* when they have finished reading the contents of the slot.
|
||||
*
|
||||
* On failure, `*p_slot` is set to NULL. This ensures that it is always valid
|
||||
* to call psa_unregister_read on the returned slot.
|
||||
*
|
||||
* \param key Key identifier to query.
|
||||
* \param[out] p_slot On success, `*p_slot` contains a pointer to the
|
||||
* key slot containing the description of the key
|
||||
|
Reference in New Issue
Block a user