From 154bd95131470b5d58efc60829dbb8d371b8cd63 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 19 Apr 2018 08:38:16 +0200
Subject: [PATCH] psa_destroy_key: return SUCCESS on an empty slot

Do wipe the slot even if it doesn't contain a key, to erase any metadata.
---
 include/psa/crypto.h | 12 +++++++++++-
 library/psa_crypto.c |  8 +++++---
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index c880586fe..982cca701 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -539,7 +539,17 @@ psa_status_t psa_import_key(psa_key_slot_t key,
 size_t data_length);
 
 /**
- * \brief Destroy a key.
+ * \brief Destroy a key and restore the slot to its default state.
+ *
+ * This function destroys the content of the key slot from both volatile
+ * memory and, if applicable, non-volatile storage. Implementations shall
+ * make a best effort to ensure that any previous content of the slot is
+ * unrecoverable.
+ *
+ * This function also erases any metadata such as policies. It returns the
+ * specified slot to its default state.
+ *
+ * \param key The key slot to erase.
  *
  * \retval PSA_SUCCESS
  * The slot's content, if any, has been erased.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index b66862c50..deeffa3b8 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -373,9 +373,11 @@ psa_status_t psa_destroy_key(psa_key_slot_t key)
 return( PSA_ERROR_INVALID_ARGUMENT );
 slot = &global_data.key_slots[key];
 if( slot->type == PSA_KEY_TYPE_NONE )
- return( PSA_ERROR_EMPTY_SLOT );
-
- if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
+ {
+ /* No key material to clean, but do zeroize the slot below to wipe
+ * metadata such as policies. */
+ }
+ else if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
 {
 mbedtls_free( slot->data.raw.data );
 }
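Review bot: The raw-bytes branch in the psa_crypto.c hunk hands the key buffer straight to `mbedtls_free( slot->data.raw.data );` without wiping it, so the key bytes remain readable in freed heap memory, which contradicts the header's new promise that previous slot content is made unrecoverable on a best-effort basis. Unless mbedtls_free is a zeroizing allocator in this build (nothing in the hunk shows that), the branch should zeroize `slot->data.raw.data` over its stored length with the file's existing zeroize helper before the `mbedtls_free`, so the new contract is actually honored by the code it documents. The new empty-slot branch is likewise only correct if the tail of the function zeroizes the whole slot structure rather than just resetting `slot->type`; that tail and the remaining key-type branches are outside the hunk, so it is worth confirming they cover policy metadata as the comment claims. psa_destroy_key begins before and continues after this hunk.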