Update psa_wipe_all_key_slots and document non-thread safety This function, and mbedtls_psa_crypto_free, are not thread safe as they wipe slots regardless of state. They are not part of the PSA Crypto API, untrusted applications cannot call these functions in a crypto service. In a service intergration, mbedtls_psa_crypto_free on the client cuts the communication with the crypto service. Signed-off-by: Ryan Everett <ryan.everett@arm.com>

commit: 16abd59a62522852423a35c2b96a087676e6a7ad [log] [tgz]
author: Ryan Everett <ryan.everett@arm.com> Wed Jan 24 17:37:46 2024 +0000
committer: Ryan Everett <ryan.everett@arm.com> Mon Jan 29 13:14:50 2024 +0000
tree: 182cff702e6cae94ee927f825c4a06f35b4aee14
parent: b0821959ae4a742de79d834bd71bc3cd1952fb86 [diff] [blame]
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index fc9bf4f..18dccae 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h

@@ -198,6 +198,8 @@
  *
  * This function clears all data associated with the PSA layer,
  * including the whole key store.
+ * This function is not thread safe, it wipes every key slot regardless of
+ * state and reader count. It should only be called when no slot is in use.
  *
  * This is an Mbed TLS extension.
  */
commit	16abd59a62522852423a35c2b96a087676e6a7ad	[log] [tgz]
author	Ryan Everett <ryan.everett@arm.com>	Wed Jan 24 17:37:46 2024 +0000
committer	Ryan Everett <ryan.everett@arm.com>	Mon Jan 29 13:14:50 2024 +0000
tree	182cff702e6cae94ee927f825c4a06f35b4aee14
parent	b0821959ae4a742de79d834bd71bc3cd1952fb86 [diff] [blame]