commit 5097294be9f0327fdfae5c578bfea003d6c9d1ff
author Ronald Cron <ronald.cron@arm.com> Sat Nov 14 11:28:25 2020 +0100
committer Ronald Cron <ronald.cron@arm.com> Thu Nov 19 16:59:40 2020 +0100
tree 2fc756150d0d482cc612ee3c3c238e5349790b80
parent cbf6a1d651a07726c527a2b7d7355fecee35ae23

psa: Decrement slot access count when finalizing key creation

Decrement the slot access count in psa_finish_key_creation()
when the finalization succeeds instead of in functions calling
psa_finish_key_creation(). That way the decrementation cannot
be forgotten and it reduces the code size.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 6b2b500..ac525d5 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2030,6 +2030,10 @@
  * See the documentation of psa_start_key_creation() for the intended use
  * of this function.
  *
+ * If the finalization succeeds, the function decreases the slot access
+ * counter (that was incremented as part of psa_start_key_creation()) and the
+ * slot cannot be accessed anymore as part of the key creation process.
+ *
  * \param[in,out] slot  Pointer to the slot with key material.
  * \param[in] driver    The secure element driver for the key,
  *                      or NULL for a transparent key.
@@ -2093,11 +2097,12 @@
             return( status );
         }
         status = psa_crypto_stop_transaction( );
-        if( status != PSA_SUCCESS )
-            return( status );
     }
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 
+    if( status == PSA_SUCCESS )
+        status = psa_decrement_key_slot_access_count( slot );
+
     return( status );
 }
 
@@ -2278,8 +2283,6 @@
         psa_fail_key_creation( slot, driver );
         *key = MBEDTLS_SVC_KEY_ID_INIT;
     }
-    else
-        status = psa_decrement_key_slot_access_count( slot );
 
     return( status );
 }
@@ -2312,8 +2315,6 @@
 exit:
     if( status != PSA_SUCCESS )
         psa_fail_key_creation( slot, driver );
-    else
-        status = psa_decrement_key_slot_access_count( slot );
 
     /* Registration doesn't keep the key in RAM. */
     psa_close_key( key );
@@ -2388,8 +2389,6 @@
         psa_fail_key_creation( target_slot, driver );
         *target_key = MBEDTLS_SVC_KEY_ID_INIT;
     }
-    else
-        status = psa_decrement_key_slot_access_count( target_slot );
 
     decrement_status = psa_decrement_key_slot_access_count( source_slot );
 
@@ -5547,8 +5546,6 @@
         psa_fail_key_creation( slot, driver );
         *key = MBEDTLS_SVC_KEY_ID_INIT;
     }
-    else
-        status = psa_decrement_key_slot_access_count( slot );
 
     return( status );
 }
@@ -6405,8 +6402,6 @@
         psa_fail_key_creation( slot, driver );
         *key = MBEDTLS_SVC_KEY_ID_INIT;
     }
-    else
-        status = psa_decrement_key_slot_access_count( slot );
 
     return( status );
 }