Document better what wiping a key slot does not do
When a key slot is wiped, a copy of the key material may remain in
operations. This is undesirable, but does not violate the safety of
the code. Tracked in https://github.com/ARMmbed/mbed-crypto/issues/86
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 3a78f56..6041732 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -994,18 +994,16 @@
return( PSA_SUCCESS );
}
-static void psa_abort_operations_using_key( psa_key_slot_t *slot )
-{
- /*FIXME how to implement this?*/
- (void) slot;
-}
-
/** Completely wipe a slot in memory, including its policy.
* Persistent storage is not affected. */
psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
{
psa_status_t status = psa_remove_key_data_from_memory( slot );
- psa_abort_operations_using_key( slot );
+ /* Multipart operations may still be using the key. This is safe
+ * because all multipart operation objects are independent from
+ * the key slot: if they need to access the key after the setup
+ * phase, they have a copy of the key. Note that this means that
+ * key material can linger until all operations are completed. */
/* At this point, key material and other type-specific content has
* been wiped. Clear remaining metadata. We can call memset and not
* zeroize because the metadata is not particularly sensitive. */