Use remove_key_data_from_memory instead of wipe_key_slot

Since the loading attempt of a builtin key might be followed by trying
to load a persistent key, we can only wipe the allocated key data, not
the associated metadata.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Steven Cooreman 2021-04-07 18:08:30 +02:00
parent 7609b1ff6c
commit 7ddee7f7c5
3 changed files with 5 additions and 3 deletions


@ -1063,8 +1063,7 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy(
psa_get_and_lock_key_slot_with_policy( key, p_slot, usage, alg ) psa_get_and_lock_key_slot_with_policy( key, p_slot, usage, alg )
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
/** Wipe key data from a slot. Preserve metadata such as the policy. */ psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
{ {
/* Data pointer will always be either a valid pointer or NULL in an /* Data pointer will always be either a valid pointer or NULL in an
* initialized slot, so we can just free it. */ * initialized slot, so we can just free it. */


@ -195,6 +195,9 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot, psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot,
size_t buffer_length ); size_t buffer_length );
/** Wipe key data from a slot. Preserves metadata such as the policy. */
psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot );
/** Copy key data (in export format) into an empty key slot. /** Copy key data (in export format) into an empty key slot.
* *
* This function assumes that the slot does not contain * This function assumes that the slot does not contain
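Review bot: The one-line comment on the new `psa_remove_key_data_from_memory` declaration under-documents a function that is now callable from other translation units. The definition relies on the slot being initialized (its data pointer is either valid or NULL), and that precondition is not stated here; neither is the return value, nor the fact that the metadata is left in place and a later `psa_wipe_key_slot` is still needed when the slot is really being abandoned. I would expand it to a multi-line block like the one on the next declaration, with a `\param[in,out] slot` line, a `\retval` line, and a sentence saying whether the key buffer is zeroized before it is freed. The function body is outside the hunks shown, so that last statement needs checking against the implementation.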


@ -327,7 +327,7 @@ static psa_status_t psa_load_builtin_key_into_slot( psa_key_slot_t *slot )
exit: exit:
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
psa_wipe_key_slot( slot ); psa_remove_key_data_from_memory( slot );
return( status ); return( status );
} }
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
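Review bot: On the failure path at `exit:` the slot now keeps all of its metadata, so anything the builtin-key attempt wrote into the slot's metadata before failing would be seen by the persistent-key load that may follow. The body above `exit:` is outside the hunk; please confirm that attributes are copied into the slot only on success, or reset the touched fields here. The status returned by the new call is also discarded; if that is deliberate, write `(void) psa_remove_key_data_from_memory( slot );` and add a comment such as `/* Keep metadata: a persistent-key load may follow. */` so the next reader does not swap it back to `psa_wipe_key_slot`.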