psa_destroy_key: return SUCCESS on an empty slot
Do wipe the slot even if it doesn't contain a key, to erase any metadata.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index b66862c..deeffa3 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -373,9 +373,11 @@
return( PSA_ERROR_INVALID_ARGUMENT );
slot = &global_data.key_slots[key];
if( slot->type == PSA_KEY_TYPE_NONE )
- return( PSA_ERROR_EMPTY_SLOT );
-
- if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
+ {
+ /* No key material to clean, but do zeroize the slot below to wipe
+ * metadata such as policies. */
+ }
+ else if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
{
mbedtls_free( slot->data.raw.data );
}
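Review bot: The raw-bytes branch at `mbedtls_free( slot->data.raw.data );` releases the heap buffer holding the key bytes without wiping it first. The zeroize that the new comment refers to sits below this hunk and, as described, covers the slot structure, so it would clear the pointer but not the key bytes it pointed to. Since this commit's purpose is to leave nothing behind after destroy, I would wipe the buffer before freeing it, e.g. `mbedtls_zeroize( slot->data.raw.data, slot->data.raw.bytes );` placed directly before the `mbedtls_free` call. The helper and the length field are not visible in this hunk, so confirm both names against the rest of the file, and check whether the other key-type branches of this function need the same treatment.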