Update psa_wipe_all_key_slots and document non-thread safety
This function, and mbedtls_psa_crypto_free, are not thread safe as they wipe slots
regardless of state. They are not part of the PSA Crypto API, untrusted applications
cannot call these functions in a crypto service.
In a service integration, mbedtls_psa_crypto_free on the client cuts the communication
with the crypto service.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index fc9bf4f..18dccae 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -198,6 +198,8 @@
*
* This function clears all data associated with the PSA layer,
* including the whole key store.
+ * This function is not thread safe, it wipes every key slot regardless of
+ * state and reader count. It should only be called when no slot is in use.
*
* This is an Mbed TLS extension.
*/
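Review bot: The added sentence is a comma splice and leaves the reader to work out what "not thread safe" means here; the identical two lines are also added to the doc comment in library/psa_crypto_slot_management.h. I would phrase it as `This function is not thread safe: it wipes every key slot regardless of its state and reader count, so it must only be called when no slot is in use.` Since the slot-management hunk in this commit takes `mbedtls_threading_key_slot_mutex` under MBEDTLS_THREADING_C, it would also help to say that the lock only serializes against other slot-management calls and does not protect readers that currently hold a slot, assuming mbedtls_psa_crypto_free reaches that code path.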
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index e8813b9..599cc36 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -144,6 +144,9 @@
{
size_t slot_idx;
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex);
+#endif
for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
psa_key_slot_t *slot = &global_data.key_slots[slot_idx];
slot->registered_readers = 1;
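Review bot: The result of `mbedtls_mutex_lock` on the added line is discarded, so if the lock cannot be taken the loop still wipes every slot without holding `mbedtls_threading_key_slot_mutex`, and the unlock added in the next hunk (@@ -151,6 +154,9 @@) then releases a mutex this function never acquired. Because the function returns void and its contract already requires that no slot is in use, the minimal fix is to record whether the lock succeeded inside the same `#if defined(MBEDTLS_THREADING_C)` blocks — `int lock_ret = mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex);` at the top and `if (lock_ret == 0) { mbedtls_mutex_unlock(&mbedtls_threading_key_slot_mutex); }` at the end — while still running the wipe loop either way, since skipping it on lock failure would leave key material in memory. A one-line comment next to the lock saying it only serializes against other slot-management calls, not against readers that already hold a slot, would tie the code to the "not thread safe" wording added in the headers. The enclosing function psa_wipe_all_key_slots starts before this hunk and its body continues into the next one.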
@@ -151,6 +154,9 @@
(void) psa_wipe_key_slot(slot);
}
global_data.key_slots_initialized = 0;
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_mutex_unlock(&mbedtls_threading_key_slot_mutex);
+#endif
}
psa_status_t psa_reserve_free_key_slot(psa_key_id_t *volatile_key_id,
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index 002429b..18a9144 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -92,6 +92,8 @@
psa_status_t psa_initialize_key_slots(void);
/** Delete all data from key slots in memory.
+ * This function is not thread safe, it wipes every key slot regardless of
+ * state and reader count. It should only be called when no slot is in use.
*
* This does not affect persistent storage. */
void psa_wipe_all_key_slots(void);