psa: Do not reset a key slot under access
When psa_close/destroy/purge_key is called, do not
reset a key slot containing the description
of a persistent key if it is currently accessed.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 7bfcc4d..9271e14 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -382,7 +382,10 @@
if( status != PSA_SUCCESS )
return( status );
- return( psa_wipe_key_slot( slot ) );
+ if( slot->access_count <= 1 )
+ return( psa_wipe_key_slot( slot ) );
+ else
+ return( psa_decrement_key_slot_access_count( slot ) );
}
psa_status_t psa_purge_key( mbedtls_svc_key_id_t key )
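Review bot: In the new `else` branch of the function that ends just before psa_purge_key (presumably psa_close_key; its start is outside the hunk), the call returns the status of `psa_decrement_key_slot_access_count( slot )` and leaves the slot populated, so a caller can receive PSA_SUCCESS while the key material is still held in memory. Nothing visible here shows who wipes the slot once the remaining accessor is done; if that happens elsewhere, it is worth saying so at this point, e.g. `/* Slot still accessed elsewhere: only drop our own access; the slot is not wiped by this call. */`. The same applies to the `else` branch in the psa_purge_key hunk that follows. The `<= 1` threshold presumably counts the access taken by this function's own slot lookup, so a short comment stating that would keep the boundary from being "fixed" to `== 0` later.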
@@ -394,10 +397,11 @@
if( status != PSA_SUCCESS )
return( status );
- if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
+ if( ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) &&
+ ( slot->access_count <= 1 ) )
+ return( psa_wipe_key_slot( slot ) );
+ else
return( psa_decrement_key_slot_access_count( slot ) );
-
- return( psa_wipe_key_slot( slot ) );
}
void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats )
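Review bot: The test `slot->access_count <= 1` and the following `psa_wipe_key_slot( slot )` are two separate steps, and no lock or other exclusion is visible in this hunk or around the identical check in the earlier hunk. If another caller can obtain the slot between the two, the wipe would run while that caller is using it, which is the situation the commit sets out to prevent. If the library assumes key slots are never accessed concurrently, state that next to the check, e.g. `/* Assumes no other accessor can take the slot between this check and the wipe. */`. The start of psa_purge_key's body lies outside the hunk, so any exclusion taken there is not visible from here.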