Document security weakness in concurrent execution of psa_destroy_key
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 73889e0..7083bd9 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -527,6 +527,11 @@
* If a key is currently in use in a multipart operation, then destroying the
* key will cause the multipart operation to fail.
*
+ * \warning We can only guarantee that the the key material will
+ * eventually be wiped from memory. With threading enabled
+ * and during concurrent execution, copies of the key material may
+ * still exist until all threads have finished using the key.
+ *
* \param key Identifier of the key to erase. If this is \c 0, do nothing and
* return #PSA_SUCCESS.
*