yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-02 12:11:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

psa_destroy_key: return SUCCESS on an empty slot

Browse source 
Do wipe the slot even if it doesn't contain a key, to erase any metadata.
This commit is contained in:
Gilles Peskine 2018-04-19 08:38:16 +02:00 committed by itayzafrir
parent 71bb7b77f0
commit 154bd95131
2 changed files with 16 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
include/psa/crypto.h
View file

@ -539,7 +539,17 @@ psa_status_t psa_import_key(psa_key_slot_t key,
size_t data_length); size_t data_length);
/** /**
* \brief Destroy a key. * \brief Destroy a key and restore the slot to its default state.
*
* This function destroys the content of the key slot from both volatile
* memory and, if applicable, non-volatile storage. Implementations shall
* make a best effort to ensure that any previous content of the slot is
* unrecoverable.
*
* This function also erases any metadata such as policies. It returns the
* specified slot to its default state.
*
* \param key The key slot to erase.
* *
* \retval PSA_SUCCESS * \retval PSA_SUCCESS
* The slot's content, if any, has been erased. * The slot's content, if any, has been erased.

8
library/psa_crypto.c
View file

@ -373,9 +373,11 @@ psa_status_t psa_destroy_key(psa_key_slot_t key)
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
slot = &global_data.key_slots[key]; slot = &global_data.key_slots[key];
if( slot->type == PSA_KEY_TYPE_NONE ) if( slot->type == PSA_KEY_TYPE_NONE )
return( PSA_ERROR_EMPTY_SLOT ); {
/* No key material to clean, but do zeroize the slot below to wipe
if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) ) * metadata such as policies. */
}
else if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
{ {
mbedtls_free( slot->data.raw.data ); mbedtls_free( slot->data.raw.data );
} }